Figure 1: Overview of the malware components

The Initial Dropper

Figure 2: Anti Emulation code

Figure 3: Overview of the Initial Dropper

The Downloader (netids.dll)

Main Thread

Sub-Thread

Figure 4: Malware's network traffic to the Server and back

Appendix