Figure2 | WeLiveSecurity

Figure2

Figure 2. _initterm pointer array of a legitimate application with pointer to banker’s shellcode at the end.