Yeah you're correct. I previously updated the video description to mention my oversight there. "Note: In the video I call out a section at 11:14 around the string 'malware called ResumeThread' this is actually part of the Hooked functions library of ScyllaHide an anti-anti-debug library and not the malware itself. This is an oversight on my behalf."

@@cyberraiju Sorry, hadn't noticed that, and wasn't a criticism - I'm working on something similar and had found the same shell code/strings and wanted some confirmation that I was understanding things correctly. Thank you for your videos, been very helpful to me.

@ownagesbot54 ahh no worries at all, apologies if my previous comment came across blunt 😌 Thanks for the kind words! Super glad they have been helpful, and wishing you the best with your analysis 🙏