Skip to main content

Downloaders and Launchers

  • Commonly encountered types of malware
  • Both are responsible for executing another piece of malware
  • Differ in how this is achieved and where the malware is obtained
  • Downloader could be used to execute ransomware or key logger

Downloaders

  • Fetches the malware from the internet - URLDownloadToFileA()
  • Executes it on the local system - WinExec()
  • Often implemented using common windows API calls
  • Often packed with an exploit

Launchers

  • Any executable that sets malware for covert exeuction
  • Either for immediate execution of for future execution
  • Often contains the malware payload embedded within the file
  • Also known as a Loader
  • Difference is the malware is already present