SHELLCODE STAGE
As usal the shellcode has a first step decryption routine (simply xor)
followed by dll loading and finding external function reference address:
Then the 2nd stage malware is downloaded and stored in special local path file name f.exe
and is executed
No comments:
Post a Comment