Downloaders and Launchers
- Commonly encountered types of malware
- Both are responsible for executing another piece of malware
- Differ in how this is achieved and where the malware is obtained
- Downloader could be used to execute ransomware or key logger
- Fetches the malware from the internet -
URLDownloadToFileA()
- Executes it on the local system -
WinExec()
- Often implemented using common windows API calls
- Often packed with an exploit
- Any executable that sets malware for covert exeuction
- Either for immediate execution of for future execution
- Often contains the malware payload embedded within the file
- Also known as a Loader
- Difference is the malware is already present