In this part we show how to automatically resolve all WinAPI calls in a malicious code dump of the LockPoS Point-of-Sale malware. Instead of manually reconstructing a corrupted Import Address Table, we simply extract a target portion of code in the research database with all the calls present in it. We also demonstrate how to automatically propagate...
The post Labeless: How to Dump and Auto-Resolve WinAPI Calls in LockPos Point-of-Sale Malware appeared first on Check Point Research.
Article Link: http://research.checkpoint.com/19558-2/