In Memory Shellcode Runner in Golang
Introduction

Whether you write malware for adversary simulation or analyse samples as a malware researcher, you will have come across this technique: the dropper runs the actual malicious payload directly in memory instead of writing a second file to disk, where anti-virus software could scan it. Note what this does and does not buy you: it avoids file-based scanning, but memory scanners and behavioural detection (for example, flagging executable memory that is not backed by any file) can still catch it. Real malware samples and APT groups layer far better obfuscation on top of this to evade anti-virus, but the basic technique is what we learn here.
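To make the idea concrete before the Windows-side details, here is a minimal Linux version of the technique as an added example (not code from the original post): map an anonymous page with mmap, copy a stage into it, switch the page from RW to RX with mprotect, and jump into it by reinterpreting its address as a Go func value. The stage is a constructed, harmless six- or eight-byte function that just returns 42, so the demo proves the control-flow transfer without doing anything else. The func-value trick relies on Go's register-based internal ABI (Go 1.17+ on amd64, 1.18+ on arm64); the names `execInMemory`, `DemoReturn42` and `stages` are mine.

```go
package main

import (
	"errors"
	"fmt"
	"runtime"
	"syscall"
	"unsafe"
)

// ErrUnsupportedArch is returned when no constructed stage exists for this CPU.
var ErrUnsupportedArch = errors.New("no sample shellcode for this GOARCH")

// Constructed, benign stages: each places 42 in the register Go's internal
// ABI (Go 1.17+/1.18+) uses for the first integer result and returns.
var stages = map[string][]byte{
	"amd64": {0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3},             // mov eax, 42 ; ret
	"arm64": {0x40, 0x05, 0x80, 0xd2, 0xc0, 0x03, 0x5f, 0xd6}, // movz x0, #42 ; ret
}

// execInMemory maps an anonymous page, copies sc into it, flips the page
// from RW to RX and calls it as a Go func() int. Nothing touches the disk.
func execInMemory(sc []byte) (int, error) {
	if len(sc) == 0 {
		return 0, errors.New("empty shellcode")
	}
	// Writable first, executable later: a page that is RWX at any point is a
	// classic memory-scanner indicator, so avoid it even in a demo.
	mem, err := syscall.Mmap(-1, 0, len(sc),
		syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_PRIVATE|syscall.MAP_ANON)
	if err != nil {
		return 0, fmt.Errorf("mmap: %w", err)
	}
	defer syscall.Munmap(mem)
	copy(mem, sc)
	if err := syscall.Mprotect(mem, syscall.PROT_READ|syscall.PROT_EXEC); err != nil {
		return 0, fmt.Errorf("mprotect: %w", err)
	}

	// A Go func value is a pointer to a word that holds the code address.
	// Build such a word on the heap pointing at the mapping and overwrite
	// the func value's internal pointer with it.
	codeAddr := new(uintptr)
	*codeAddr = uintptr(unsafe.Pointer(&mem[0]))
	var fn func() int
	*(**uintptr)(unsafe.Pointer(&fn)) = codeAddr
	ret := fn()
	runtime.KeepAlive(codeAddr) // keep the word alive until the call has returned
	return ret, nil
}

// DemoReturn42 runs the constructed stage for the current architecture.
func DemoReturn42() (int, error) {
	sc, ok := stages[runtime.GOARCH]
	if !ok {
		return 0, ErrUnsupportedArch
	}
	return execInMemory(sc)
}

func main() {
	v, err := DemoReturn42()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("shellcode returned %d (no file was written to disk)\n", v)
}
```

Run it with `go run .` on linux/amd64 or linux/arm64. The same three steps (allocate, copy, make executable, jump) are what a Windows runner does with VirtualAlloc, RtlCopyMemory/VirtualProtect and CreateThread; the Go-side trick of coercing a raw address into a callable func value is identical on both platforms.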