Two commonly encountered types of malware are downloaders and launchers. Downloaders simply download another piece of malware from the Internet and execute it on the local system. Downloaders are often packaged with an exploit. Downloaders commonly use the Windows API URLDownloadtoFileA, followed by a call to WinExec to download and execute new malware.

A launcher (also known as a loader) is any executable that installs malware for immediate or future covert execution. Launchers often contain the malware that they are designed to load. We discuss launchers extensively in Chapter 12.