Lab 19-3 Solutions
The shellcode manually imports the following functions:
The shellcode creates the files %TEMP%\foo.exe and %TEMP%\bar.pdf.
The shellcode extracts two files stored encoded within the malicious PDF and writes them to the user’s %TEMP% directory. It executes the foo.exe file and opens the bar.pdf
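
The drop-and-run behavior described above leaves a recognizable trail in endpoint telemetry: a PDF reader process writes an executable to the temp directory, that executable is launched, and a decoy PDF appears beside it. The following is an added detection sketch, not part of the original lab solution; the event schema, reader process names, PIDs and paths are all assumptions constructed for illustration.

```python
import ntpath

# Assumptions: reader process names and temp-path markers; tune per estate.
PDF_READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\local settings\\temp\\")
EXEC_EXTS = {".exe", ".scr", ".dll"}

def norm(path):
    # Windows paths are case-insensitive, so normalise before comparing.
    return ntpath.normpath(path).lower()

def find_dropper_chains(events):
    """Report executables a PDF reader wrote to a temp directory that were
    later launched, with any decoy PDFs the same reader process wrote."""
    drops, decoys, executed = {}, {}, []
    for ev in events:
        image = norm(ev["image"])
        if ev["type"] == "file_create":
            target = norm(ev["target"])
            if (ntpath.basename(image) not in PDF_READERS
                    or not any(m in target for m in TEMP_MARKERS)):
                continue
            ext = ntpath.splitext(target)[1]
            if ext in EXEC_EXTS:
                drops[target] = ev["pid"]          # path -> writing reader pid
            elif ext == ".pdf":
                decoys.setdefault(ev["pid"], []).append(target)
        elif ev["type"] == "process_create" and image in drops:
            executed.append((drops[image], image))
    # Decoys are attached last because they may be written after the launch.
    return [{"reader_pid": pid, "executed": path, "decoys": decoys.get(pid, [])}
            for pid, path in executed]

READER = r"C:\Program Files\Adobe\Reader\AcroRd32.exe"   # constructed path
TEMP = "C:\\Users\\lab\\AppData\\Local\\Temp\\"          # constructed path
# Constructed sample events in a hypothetical schema, not captured telemetry.
SAMPLE = [
    {"type": "file_create", "pid": 2040, "image": READER, "target": TEMP + "foo.exe"},
    {"type": "process_create", "pid": 3112, "image": TEMP + "FOO.EXE"},
    {"type": "file_create", "pid": 2040, "image": READER, "target": TEMP + "bar.pdf"},
    # Benign control: an installer, not a reader, writing an executable to temp.
    {"type": "file_create", "pid": 900, "image": r"C:\Windows\System32\msiexec.exe",
     "target": TEMP + "setup.exe"},
    {"type": "process_create", "pid": 901, "image": TEMP + "setup.exe"},
]

if __name__ == "__main__":
    for finding in find_dropper_chains(SAMPLE):
        print(finding)
```

The installer events serve as a negative control: only the chain that starts from a reader process is reported.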