|
|
|
|
|
|
by _8j50
1247 days ago
|
|
|
Running and installing are different things. A popular dropper I frequently run into for example never drops an executable to disk, it loads base64 from registry, decodes/decrypts it and reflectively executes the .NET assembly which in turn decodes and executes shell code from registry. |
|
|