Portable Executable (PE) File – WOW64 processes
WOW64 architecture WOW64-sandboxed processes (x86 processes running in x64 environment)
Incident Handling: Is this malware packed?
Incident Handling: Is this malware a dropper or a downloader?
Incident Handling: Does it […]
Using PE header information for static analysis
Threat Intelligence: When was this sample created?
Threat Intelligence: What’s the country of […]
DOS Header
Fields    Values  Explanation
e_magic   ‘MZ’    constant signature
e_lfanew  0x40    offset of the PE Header
PE Header
Fields    Values  […]
PE file? Features of the PE structure When the binary is executed