Labs

Lab 12-1

Analyze the malware found in the file Lab12-01.exe and Lab12-01.dll. Make sure that these files are in the same directory when performing the analysis.

Questions

1. What happens when you run the malware executable?

2. What process is being injected?

3. How can you make the malware stop the pop-ups?

4. How does this malware operate?

Lab 12-2

Analyze the malware found in the file Lab12-02.exe.

Questions

1. What is the purpose of this program?

2. How does the launcher program hide execution?

3. Where is the malicious payload stored?

4. How is the malicious payload protected?

5. How are strings protected?

Lab 12-3

Analyze the malware extracted during the analysis of Lab 12-2, or use the file Lab12-03.exe.

Questions

1. What is the purpose of this malicious payload?

2. How does the malicious payload inject itself?

3. What filesystem residue does this program create?

Lab 12-4

Analyze the malware found in the file Lab12-04.exe.

Questions

1. What does the code at 0x401000 accomplish?

2. Which process has code injected?

3. What DLL is loaded using LoadLibraryA?

4. What is the fourth argument passed to the CreateRemoteThread call?

5. What malware is dropped by the main executable?

6. What is the purpose of this and the dropped malware?
