Archive for September, 2009

Simple IDC scripting (2009-9-29)

During the analysis of a worm (MD5: F992D9B391C04E1077FD93E22F40822C) I stumbled on a pretty common way to obfuscate API calling: the routine takes two parameters, an array of API names and an array of dwords used to store resolved addresses. Even if this technique is pretty straightforward and trivial, it’s annoying reading the disassembly without knowing [...]