Working
- Using
function, load the malicious executable into memory. - Mark the file for deletion using
function. - Launch the process from section by calling
function. - Calculate the entry point address.
- Execute the process in memory using a remote thread.