• TheOneCurly@lemm.ee
    1 month ago

    Although the binary does not raise suspicions of being packed, as its entropy is not high enough, the presence of API calls to functions like malloc, memmove and memcmp indicates that it can allocate memory to perform malicious functions.

    Allocating memory is suspicious?