June 2018
Beginner
510 pages
13h 7m
English
The simplest type of malware that you will encounter during malware analysis is a Downloader. A downloader is a program that downloads another malware component from the internet and executes it on the system. It does this by calling the URLDownloadToFile() API, which writes the fetched file to disk. Once the file is downloaded, it uses one of the ShellExecute(), WinExec(), or CreateProcess() API calls to execute the downloaded component. You will normally find that downloaders are used as part of exploit shellcode.
The following screenshot shows a 32-bit malware downloader using URLDownloadToFileA() and ShellExecuteA() to download and execute a malware binary. To determine the URL from where the malware binary is being downloaded, ...
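The download-then-execute API pairing described above is exactly what an analyst looks for during static triage of a suspected downloader: the presence of a download API together with an execution API, plus the URL the sample embeds. The following script is an added example (it is not code from the book) that performs that triage on a raw binary: it extracts ASCII and UTF-16LE strings, flags the download and execution APIs named in the text (plus their A/W variants), and pulls out URL and drop-path candidates. The `SAMPLE` bytes, the `example.invalid` host and the `C:\Users\Public\update.exe` path are constructed stand-ins, not indicators from any real sample.

```python
import re
from dataclasses import dataclass

# Download API named in the text, with its ANSI/Unicode variants (urlmon.dll).
DOWNLOAD_APIS = {"URLDownloadToFileA", "URLDownloadToFileW"}
# Execution APIs named in the text, with their ANSI/Unicode variants.
EXEC_APIS = {"ShellExecuteA", "ShellExecuteW", "ShellExecuteExA", "ShellExecuteExW",
             "WinExec", "CreateProcessA", "CreateProcessW"}

# Printable runs of at least 6 characters, as a "strings" tool would report them.
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")          # UTF-16LE strings
URL_RE = re.compile(r"https?://[\w.\-]+(?::\d+)?(?:/[\w.\-/%?=&]*)?", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\[\w.\-\\]+")        # Windows drop-path candidates


def extract_strings(data: bytes) -> list[str]:
    """Return all ASCII and UTF-16LE printable strings found in the blob."""
    strings = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    strings += [m.group().decode("utf-16-le") for m in WIDE_RE.finditer(data)]
    return strings


@dataclass
class TriageResult:
    download_apis: list[str]
    exec_apis: list[str]
    urls: list[str]
    dropped_paths: list[str]
    verdict: str


def triage(data: bytes) -> TriageResult:
    """Classify a binary by the downloader API pairing and extract its URL/path strings."""
    strings = extract_strings(data)
    # Substring match: import names sit behind a 2-byte hint that may itself be printable.
    download = sorted({api for api in DOWNLOAD_APIS for s in strings if api in s})
    execute = sorted({api for api in EXEC_APIS for s in strings if api in s})
    urls = sorted({u for s in strings for u in URL_RE.findall(s)})
    paths = sorted({p for s in strings for p in DRIVE_PATH_RE.findall(s)})

    if download and execute:
        verdict = "likely-downloader"        # fetch + execute: the pattern from the text
    elif download:
        verdict = "download-capability"      # fetches, but no execution API seen
    else:
        verdict = "no-downloader-indicators"
    return TriageResult(download, execute, urls, paths, verdict)


def triage_file(path: str) -> TriageResult:
    """Convenience wrapper: triage a file on disk."""
    with open(path, "rb") as fh:
        return triage(fh.read())


# Constructed sample: import-name-table style entries (2-byte hint, name, NUL),
# a UTF-16LE URL and an ASCII drop path. Not a real binary.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"\x00\x00urlmon.dll\x00\x00\x00URLDownloadToFileA\x00"
    + b"\x00\x00shell32.dll\x00\x00\x00ShellExecuteA\x00"
    + "http://example.invalid/payload/update.exe".encode("utf-16-le") + b"\x00\x00"
    + b"C:\\Users\\Public\\update.exe\x00"
)

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"verdict: {result.verdict}")
    print(f"download APIs: {result.download_apis}")
    print(f"exec APIs: {result.exec_apis}")
    print(f"URLs: {result.urls}")
    print(f"drop paths: {result.dropped_paths}")
```

The string-based check is a first-pass heuristic: a packed or obfuscated sample will hide both the API names and the URL until it is unpacked or run, so a `no-downloader-indicators` verdict should be read as "nothing visible statically", not as a clean bill of health. Walking the PE import table directly, or observing the API calls in a debugger as the text goes on to do, confirms what the strings suggest.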