Init1

ServiceMain

DllMain

Main Thread

Figure 1: Resolving API function addresses (if just one fails, the rest are skipped)

Figure 2: Retrieval of the encrypted registry data stored by the 3rd Dropper (see Part 2)

Figure 4: Malware checks if a key was pressed

Final random Parts

Appendix