![]() ![]() We need to look at what is ReadFile reading, so we need to place a breakpoint at this statement. To see if our understanding is correct or not, let’s see ReadFile referencesīelow what we can see is the ReadFile reference in the code. ![]() ![]() If you recall, we saw an encrypted version of a. This looks like specimen is trying to read some file and also call Windows decryption function. Nice we see references to ReadFile and CryptDecrypt. ![]()
0 Comments
Leave a Reply. |