Formbook Reversing - Part 1 [Formbook .NET loader/injector: analyzing, decrypting, unpacking, patching]
In this first part I will focus on the "Loader" stage of the Formbook malware, which is responsible for decoding, decrypting, unpacking and injecting the real Formbook code via the Process Hollowing method.