have been in the field for years
The objects stored in this hash map consist of the system services entry point, a pointer to an analysis function, a counter, and a subordinate data structure that is used to represent function arguments. Functionality to taint memory regions manually was introduced, as well as to remove taint information or query certain memory areas for the corresponding taint status. For each interface that is successfully requested from such a component, we register a hook for its QueryInterface method.
In this section we take a closer look under the hood of COM and reveal some of its magic. To this end we have chosen some system service calls that we deem interesting to monitor. This is an important fact for our later discussion. These malware programs usually consist of a decryption routine and the encrypted payload.
This section covers components in the sense of COM and how they are used.