Several strings that look like error messages (
Error sending Http
Error sending Http get,
Error reading response, and so on) tell us that this program will be using HTTP
POST commands. We also see HTML
/srv.html, /put.html, and so on), which hint at the files
that this malware will attempt to open.
WS2_32 imports tell us that this program will be
communicating over the network. An import to
suggests that this program may launch another process.
The function called at 0x4036F0 does not take any parameters other than the string, but ECX
this pointer for the object. We know the object that contains the function is an exception object because that object is later ...