A look into a smaller “Dropper” (Part II)


In my previous post, I tried to show that the malware finds another PE file from its resource section, creates a new file with the .dll extension (Dynamic Link Library) and writes the PE file from the .rsrc-section into the .dll file.
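The behaviour summarised above, a second PE stored in the `.rsrc` section, can be checked for statically during triage. The following is an added example, not code from the original post or from the analysed sample; `rsrc_section`, `embedded_pes` and `stub_pe` are hypothetical names, and the sample bytes are constructed.

```python
import struct

def rsrc_section(data):
    """Return (raw_offset, raw_size) of the .rsrc section, or None if absent."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        return None
    nsec, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    table = pe + 24 + opt_size
    for off in range(table, table + 40 * nsec, 40):
        if off + 40 > len(data):
            break
        name, _vs, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        if name.rstrip(b"\0") == b".rsrc":
            return raw_ptr, raw_size
    return None

def embedded_pes(data):
    """File offsets inside .rsrc where an MZ header leads to a valid PE signature.
    Only finds payloads stored in the clear; packed or encrypted resources need
    other checks (for example entropy)."""
    sec = rsrc_section(data)
    if sec is None:
        return []
    start, end = sec[0], min(sec[0] + sec[1], len(data))
    hits, pos = [], data.find(b"MZ", start, end)
    while pos != -1:
        if pos + 0x40 <= end:
            lfanew, = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + lfanew
            if sig + 4 <= end and data[sig:sig + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1, end)
    return hits

def stub_pe(payload=b""):
    """Constructed sample: minimal PE-style headers with one .rsrc section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x2102)
    raw_ptr = len(dos) + len(coff) + 40
    sect = struct.pack("<8sIIII16x", b".rsrc", len(payload), 0x1000, len(payload), raw_ptr)
    return dos + coff + sect + payload

if __name__ == "__main__":
    sample = stub_pe(b"\0" * 16 + stub_pe())   # constructed: a PE nested in .rsrc
    print([hex(o) for o in embedded_pes(sample)])
```

A hit means the resource data contains a second, well-formed PE header, which is worth carving out and analysing separately.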

In this part, I will also present the registry-manipulation mechanisms integrated in that binary. But before we can dive into that, we can see some service-manipulation functions:
