Technical Analysis of Zloader Updates
Essential information
- Published: 22/09/2025 19:40
- Modified: 22/09/2025 21:14
- Tags: 2025-09-22, anti-analysis, banking, dns tunneling, evasion, ldap, obfuscation, ransomware, trojan, websockets, zeus, zeus-based, zloader
- Related entities: 14 techniques (MITRE), 1 malware
Description
Recent versions of Zloader, a Zeus-based modular trojan, have introduced significant enhancements to its functionality. These updates include improved obfuscation techniques, anti-analysis strategies, and network communication methods. The malware now supports WebSockets and has modified its DNS tunneling protocol, replacing TLS encryption with a custom algorithm. New LDAP functions have been added to improve network discovery and lateral movement capabilities. Zloader continues to evolve its evasion tactics, including checking the integrity level of its own process to avoid running in sandbox environments. The malware has also removed its Domain Generation Algorithm and changed its static configuration format. These updates demonstrate Zloader's ongoing development as a sophisticated tool for initial access and potential ransomware deployment.