Last week, I was teaching FOR610 in Amsterdam. When we review ASM, we have a module about the differences between 32-bit and 64-bit code (how parameters are passed to functions/API calls, calling conventions, etc.). It's important to have an understanding of this because most computers are built around a 64-bit CPU today. But attackers are still deploying a lot of 32-bit malware for compatibility reasons and also because this code can run without problems (if you respect Microsoft guidelines and APIs). A student asked me if there was a lot of native 64-bit malware in the wild. Is there a real trend? I decided to have a look at a bunch of samples and see, in practice, if this trend was real.

32 or 64 bits Malware? (Mon, Aug 22nd)