. The IID is for IWebBrowser2, and the CLSID is for Internet Explorer.

As shown in the following listing, the COM object returned by CoCreateInstance is accessed a few instructions later at ❶.

.

After the call to Navigate, there are a few cleanup functions and then the program ends. The program doesn’t install itself persistently, and it doesn’t modify the system. It simply displays a one-time advertisement.

When you encounter a simple program like this one, you should consider it suspect. It may come packaged with additional malware, of which this is just one component.