Portable Executable (PE) File – WOW64 processes
WOW64 architecture: WOW64-sandboxed processes (x86 processes running in an x64 environment)
Incident Handling: Is this malware packed?
Incident Handling: Is this malware a dropper or a downloader?
Incident Handling: Does it […]
DOS Header
  Field     Value   Explanation
  e_magic   'MZ'    constant signature
  e_lfanew  0x40    offset of the PE Header
PE Header
  Field     Value   […]
Among malware that uses PowerShell, the most prevalent use is the garden-variety stager: an executable or document macro that launches PowerShell […]
Malware analysis can be divided into two main types: manual analysis and automatic analysis. In manual analysis, it […]