February 2012
This program creates the service MalService to ensure that it runs every time the computer is started.
The program uses a mutex to ensure that only one copy of the program is running at a time.
We could search for a mutex named HGL345 and for the service MalService.
The malware uses the user-agent Internet Explorer 8.0 and communicates with www.malwareanalysisbook.com.
This program waits until midnight on January 1, 2100, and then sends many requests to http://www.malwareanalysisbook.com/, presumably to conduct a distributed denial-of-service (DDoS) attack against the site.
This program will never finish. It waits on a timer until the year 2100, and then creates 20 threads, each of which runs in an infinite loop.
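The host-based and network indicators named above can be matched against collected telemetry. The following is an added example, not code from the original text: the `key=value` record format, the host names and the sample lines are constructed assumptions, and only the mutex, service, user-agent and domain values come from the analysis.

```python
import re
from collections import defaultdict

# Indicators taken from the analysis above.
MUTEX = "HGL345"
SERVICE = "MalService"
USER_AGENT = "Internet Explorer 8.0"
C2_HOST = "www.malwareanalysisbook.com"

# Constructed sample telemetry; the line format is an assumption for this example.
SAMPLE = """\
host=WS01 type=service_install name=MalService start=auto
host=WS01 type=mutex name=\\BaseNamedObjects\\HGL345
host=WS02 type=mutex name=\\BaseNamedObjects\\HGL3456
host=WS02 type=http dest=www.malwareanalysisbook.com ua="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"
host=WS03 type=http dest=www.malwareanalysisbook.com ua="Internet Explorer 8.0"
host=WS04 type=service_install name=Spooler start=auto
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split one key=value record into a dict, unquoting quoted values."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def match(rec):
    """Return the indicator a record matches, or None."""
    kind = rec.get("type")
    # Windows service names are case-insensitive.
    if kind == "service_install" and rec.get("name", "").lower() == SERVICE.lower():
        return "service"
    # Mutex names are case-sensitive; compare the final path component exactly.
    if kind == "mutex" and rec.get("name", "").rsplit("\\", 1)[-1] == MUTEX:
        return "mutex"
    if kind == "http" and rec.get("dest", "").lower() == C2_HOST:
        # The literal UA is the strong signal: a real IE 8 sends a Mozilla/4.0 string.
        return "http+ua" if rec.get("ua") == USER_AGENT else "http"
    return None

def scan(text):
    """Map each host to the sorted list of indicators seen for it."""
    hits = defaultdict(set)
    for rec in map(parse, text.splitlines()):
        tag = match(rec)
        if tag:
            hits[rec.get("host", "?")].add(tag)
    return {h: sorted(t) for h, t in hits.items()}

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A host tagged only `http` visited the site with an ordinary browser string, so it is weaker evidence than `http+ua` or either host-based indicator.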