Looking at a DGA called Locky written in python. This is some part of it.
# Shift the dates
modYear = uint32(__ROR4__(modConst1 * (SystemTime.wYear + 0x1BF5), 7))
modYear = uint32(__ROR4__(modConst1 * (modYear + seed + modConst2), 7))
modDay = uint32(__ROR4__(modConst1 * (modYear + (SystemTime.wDay >> 1) + modConst2), 7))
modMonth = uint32(__ROR4__(modConst1 * (modDay + SystemTime.wMonth + modConst3), 7))
# Shift the seed
seed = uint32(__ROL4__(seed, 17))
# Finalize Modifier
modBase = uint32(__ROL4__(pos & 7, 21))
modFinal = uint32(__ROR4__(modConst1 * (modMonth + modBase + seed + modConst2), 7))
modFinal = uint32(modFinal + modConst2)
I understand the different actions, but im a little confused to why they do what they do. Is it to make the whole thing as randomly as possible or is there some specific thought behind each bitshift, multiplying etc. You can find the whole thing here: https://github.com/sourcekris/pyLockyDGA
All these tactics are being used to make the Reverse Engineering harder and also to make the domains more "unpredictable".
Different malware families employ different such techniques. This github repo will help you understand the DGAs used by some of the most popular malware. "https://github.com/baderj/domain_generation_algorithms"