Explore the runtime-linking techniques used by LockBit ransomware in this 16-minute video tutorial. See how the malware uses the EXPORT_DIRECTORY structure to locate APIs and uses DLL name seeds to compute the checksum values that identify the functions it needs. Learn how to extract API names, navigate the export directory structure, and debug the sample to observe API names in action. Discover the significance of precomputed value matches and gain insight into efficient methods for API identification. Build your understanding of malware analysis and reverse engineering through this in-depth examination of LockBit's runtime-linking mechanisms.
Finding Functions from Export Directory and Using Seeds for API Checksums - Part 6