Coursera Plus Annual is 40% Off — Ends July 6.

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Lockbit's DLL Name Seeding Technique for API Hashing - Part 5

Dr Josh Stroschein via YouTube

Start learning Write review
Simplilearn Ad

Build AI Apps with Azure, Copilot, and Generative AI — Microsoft Certified

Learn More → Boot.dev Ad

Learn Backend Development Part-Time, Online

Learn More →

Overview

AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates
Explore the intricacies of Lockbit's runtime-linking technique in this 14-minute video tutorial. Delve into how Lockbit utilizes the DLL name as a seed for API hashing, a unique twist on standard malware techniques. Learn to identify the image_base, parse the image DOS header, and understand DATA Directories. Examine the IMAGE_EXPORT_DIRECTORY and AddressOf* functions. Discover how the DLL name generates checksums that serve as seeds for API name computation. Gain insights into the UNICODE structure and its relevance. Enhance your reverse engineering skills and grasp the broader implications of these techniques on malware analysis efforts.

Syllabus

Finding the image_base
Parsing the image dos header
DATA Directories
The IMAGE_EXPORT_DIRECTORY
AddressOf*
Checksum from a DLL name - where the seeds come from
Brief note on the UNICODE structure

Taught by

Dr Josh Stroschein

Reviews

Start your review of Lockbit's DLL Name Seeding Technique for API Hashing - Part 5

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.