This Bagle-related downloader appeared on November 1st, 2005. The
dropper for the downloader DLL was spammed in e-mails to a large
amount of people as LOADER.EXE.
Detailed Description
When the dropper is run, it copies itself as HLOADER_EXE.EXE file
to Windows System folder and creates a startup key for this file
in the Registry. Then the dropper extracts a DLL file named
HLEADER_DLL.DLL to the same folder and injects it into Explorer
process. The DLL file is the downloader that tries to download a
file from several different sites and to activate it.
