badfile.exe – Part 3 – Behavioral/Static Analysis

So far, we have discovered that interacting with the web server hosted at 104.236.149.39 returns a stream of seemingly random bytes, which actually represent a Windows executable file. It would be reasonable to assume that the communication with this web server was initiated by a malware downloader (not to be confused with a dropper). In […]