Working

  • Using function , load the malicious executable into memory.
  • Mark the file for deletion using function.
  • Launch the process from section by calling function.
  • Calculate the entry point address.
  • Execute the process in memory using a remote thread.