Points of interest
- Standard Win32 APIs / C.
- Code injection (operation within the context of a trusted process).
- Standard HTTP communication.
- Storing required components as binary resources in the loader and extracting them on the fly.
Points of interest (continued)
- Clean uninstall (ADS).
- UPX packing.
- Social engineering (harder human detection).
Conclusions
- Standard protection schemes can be easily bypassed.
- Detection is very difficult against low-footprint operation.
- New protection schemes should protect processes from code injection.
- New protection approaches?