I am writing a basic malware. It is a kind of ransomware with other functions, but I am here to ask something. How do people spread their malware over the network? By copying itself and keeping the original where it was downloaded, or should I spawn another process, delete the original and move to the actual process to continue? Or just copying itself to every location and running without removing the original?
This is the structure of my malware:
- Modular - can be expanded at runtime with more modules
- Basic functionality has small binary
- Anti_checks (VM, sandbox, RE, debugger)
- Hides in legitimate dll in process
- Encrypts files