Figure 2. The _initterm pointer array of a legitimate application, with a pointer to the banker’s shellcode at the end.