Disassembler and Runtime Analysis

By Talos Group This post was authored by Paul Rascagneres. Introduction In the CCleaner 64bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of “Symantec Endpoint”. This file is named EFACli64.dll. The modification is performed in the runtime code included by the compiler, more precisely in the […]

Source:: Cisco Security Notice