A recent analysis of a suspicious trojan loader reveals similarities to the APT-C-00 (Ocean Lotus) group, a government-backed hacker organization targeting East Asian companies and government agencies. The sample, a DLL file with excellent evasion capabilities, uses hash algorithms to dynamically obtain API functions. It creates a mutex for single-instance execution, validates command-line parameters, adds itself to the registry for persistence, and sets up a VEH exception handler. The loader employs module hollowing to replace code in certmgr.dll with shellcode that reflectively loads the Havoc RAT. The tactics and development environment align with Ocean Lotus' known techniques, including the use of Mingw-w64 and similar initialization processes.