It has been quite some time since the article “Malware Analysis – Dridex & Process Hollowing”, where we went over the analysis of the banking trojan known as Dridex and how it leverages a technique known as process hollowing to extract an unpacked version of itself into memory. In that article, we briefly explained this technique and used OllyDbg to illustrate the different steps. This unpacked sample is known as the Loader, and the Loader is what we will be looking at. Today, we will continue where we left off: extract the unpacked sample from memory and continue the analysis.