When pre-computing these hashes over different Windows DLLs commonly used in schemes like this, it is possible to map out these hash values and the corresponding Windows function name using open-source tools like theMITRE malchive. We have seen this behavior in many different malware families be...