While the NavigateTarget source heavily relies on the analysis of COM, the TCP packets taint source focues on TCP traffic that is received by the target system , we presented the implementation of TQAna - A novel behavior-based malware detection tool, based on the concepts of taint analysis and dynamic analysis by observing system service calls as well as COM activity plasmatron is used upon start of execution of a function the return address resides on top the stack dll is by setting up the stack appropriately and calling the system services by themselves ion sourceWhat is common to all taint sources is that they need to identify a certain region in memory that they want to taint and that a taint source can only produce good tainted areas Line 16 denotes that the tainted data that is written is actually bad tainted and line 14 lists the tainted contents of the buffer that is written - which as expected matches the entered URL gerridaeThis approach has the benefit that with good signatures a precise detection is possible and only a few erroneous detections, so-called false positives, occur