Over the last few months we saw that Locky’s loader requires a seed parameter to execute properly. This method was probably used to hinder sandbox analysis, since the loader will not execute without the correct parameter. Afterwards, we saw Locky shift from an EXE to a Dynamic Link Library (DLL).
Fortinet Blog