In-depth analysis of Caphaw/Shylock from “FirefoxUpdate.exe” campaign – Part 3

We are finally at the end of our Caphaw/Shylock analysis. This time we will deal entirely with the code injected into the explorer.exe process. The context will be a little more complex than in previous episodes because we will work within a multithreaded environment. The injected code will identify an active domain (DGA based) in order to download other […]