{"id":4606,"date":"2013-12-07T23:14:46","date_gmt":"2013-12-07T14:14:46","guid":{"rendered":"http:\/\/apollo89.com\/wordpress\/?p=4606"},"modified":"2013-12-11T22:58:49","modified_gmt":"2013-12-11T13:58:49","slug":"%ec%8b%a4%ec%a0%84-%ec%95%85%ec%84%b1%ec%bd%94%eb%93%9c%ec%99%80-%eb%a9%80%ec%9b%a8%ec%96%b4-%eb%b6%84%ec%84%9d-3%ec%9e%a5-%ea%b8%b0%ec%b4%88-%eb%8f%99%ec%a0%81-%eb%b6%84%ec%84%9d-%ec%8b%a4%ec%8a%b5-2","status":"publish","type":"post","link":"https:\/\/apollo89.com\/wordpress\/?p=4606","title":{"rendered":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2"},"content":{"rendered":"

 <\/p>\n

Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4.
\n\uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4.
\n<\/strong><\/p>\n

\"Practical_Malware_Analysis\"<\/a>
\n[\uad6c\ub9e4\ud558\uae30]<\/a><\/p>\n

\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-1<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-2<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-3<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-4<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-1<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-3<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-4<\/a><\/p>\n

\uc2e4\uc2b5\ubb38\uc81c \ub2e4\uc6b4\ub85c\ub4dc \ubc1b\ub294 \uacf3 : http:\/\/nostarch.com\/malware<\/a><\/p>\n

\uc2e4\uc2b5 3-2
\n\uae30\ucd08 \ub3d9\uc801\ubd84\uc11d \ub3c4\uad6c\ub97c \uc774\uc6a9\ud574 Lab03-02.dll \ud30c\uc77c\uc5d0\uc11c \ubc1c\uacac\ub41c \uc545\uc131\ucf54\ub4dc\ub97c \ubd84\uc11d\ud558\ub77c.<\/p>\n

\uc9c8\ubb38
\n1. \uc545\uc131\ucf54\ub4dc \uc790\uccb4\uac00 \uc5b4\ub5bb\uac8c \uc124\uce58\ub410\ub294\uac00?
\nA : \uba3c\uc800 \uc545\uc131\ucf54\ub4dc \ud30c\uc77c\uc744 \ubcf4\ub2c8 DLL \ud30c\uc77c\uc774\ub2e4. DLL\uc744 \uc124\uce58\ud558\ub824\uba74 rundll23.exe \uc744 \uc0ac\uc6a9\ud574\uc11c \uc124\uce58\uc744 \ud574\uc57c \ud560 \uac83\uc73c\ub85c \ubcf4\uc778\ub2e4.
\n\uadf8\ub798\uc11c Dependency Walker\ub97c \uc0ac\uc6a9\ud574\uc11c Lab03-02.dll\uc5d0\uc11c \uc775\uc2a4\ud3ec\ud2b8\ub41c \ud568\uc218\ub97c \ud655\uc778\ud574\ubcf4\uc558\ub2e4.
\n\"3-2-1\"<\/p>\n

\ud655\uc778\ud574\ubcf4\ub2c8 5\uac1c\uc758 \uc775\uc2a4\ud3ec\ud2b8 \ud568\uc218\uac00 \uc788\uc5c8\uace0, \uc545\uc131\ucf54\ub4dc \uc124\uce58\ub97c \uc704\ud574 \uc544\ub798\uc640 \uac19\uc774 \uc2e4\ud589\ud558\uc600\ub2e4.
\n\"3-2-2\"<\/p>\n

\uadf8\ub9ac\uace0 \uc124\uce58\ub41c \ud6c4 \uc2a4\ub0c5\uc0f7\uc744 \ud655\uc778\ud574\ubcf4\ub2c8 \uc544\ub798\uc640 \uac19\uc774 \ub808\uc9c0\uc2a4\ud2b8\ub9ac\uc5d0 \ubcc0\ud654\uac00 \uc788\ub294 \uac83\uc744 \ud655\uc778\ud588\ub2e4.
\n\"3-2-3\"<\/p>\n

2. \uc124\uce58 \ud6c4 \uc545\uc131\ucf54\ub4dc\ub97c \uc5b4\ub5bb\uac8c \uc2e4\ud589\ud560 \uc218 \uc788\ub294\uac00?
\nA : \uc704\uc758 \uc2a4\ub0c5\uc0f7\uc73c\ub85c \ubcf4\uc544 \ud574\ub2f9 \uc545\uc131\ucf54\ub4dc\ub294 IPRIP \uc11c\ube44\uc2a4\ub85c \uad6c\ub3d9\ud558\ub294 \uac83\uc73c\ub85c \ubcf4\uc778\ub2e4.
\n\ud655\uc778\ud558\uae30 \uc704\ud574 strings\ub97c \uc2e4\ud589\ud574\ubcf4\uc558\ub2e4.<\/p>\n

Strings v2.51\r\nCopyright (C) 1999-2013 Mark Russinovich\r\nSysinternals - www.sysinternals.com\r\n\r\n!This program cannot be run in DOS mode.\r\nRich\r\n...\r\nGetModuleFileNameA\r\nSleep\r\nTerminateThread\r\nWaitForSingleObject\r\nGetSystemTime\r\nCreateThread\r\nGetProcAddress\r\nLoadLibraryA\r\nGetLongPathNameA\r\nGetTempPathA\r\nReadFile\r\nCloseHandle\r\nCreateProcessA\r\nGetStartupInfoA\r\nCreatePipe\r\nGetCurrentDirectoryA\r\nGetLastError\r\nlstrlenA\r\nSetLastError\r\nOutputDebugStringA\r\nKERNEL32.dll\r\nRegisterServiceCtrlHandlerA\r\nRegSetValueExA\r\nRegCreateKeyA\r\nCloseServiceHandle\r\nCreateServiceA\r\nOpenSCManagerA\r\nRegCloseKey\r\nRegQueryValueExA\r\nRegOpenKeyExA\r\nDeleteService\r\nOpenServiceA\r\nSetServiceStatus\r\nADVAPI32.dll\r\nWSASocketA\r\nWS2_32.dll\r\nInternetReadFile\r\nHttpQueryInfoA\r\nHttpSendRequestA\r\nHttpOpenRequestA\r\nInternetConnectA\r\nInternetOpenA\r\nInternetCloseHandle\r\nWININET.dll\r\nmemset\r\nwcstombs\r\nstrncpy\r\nstrcat\r\nstrcpy\r\natoi\r\nfclose\r\nfflush\r\nfwrite\r\nfopen\r\nstrrchr\r\natol\r\nsscanf\r\nstrlen\r\nstrncat\r\nstrstr\r\n_itoa\r\nstrchr\r\n__CxxFrameHandler\r\n_EH_prolog\r\n_CxxThrowException\r\n_except_handler3\r\nMSVCRT.dll\r\nfree\r\n_initterm\r\nmalloc\r\n_adjust_fdiv\r\n_strnicmp\r\n_chdir\r\n_stricmp\r\nLab03-02.dll\r\nInstall\r\nServiceMain\r\nUninstallService\r\ninstallA\r\nuninstallA\r\nY29ubmVjdA==\r\npracticalmalwareanalysis.com\r\nserve.html\r\ndW5zdXBwb3J0\r\nc2xlZXA=\r\nY21k\r\ncXVpdA==\r\n Windows XP 6.11\r\nCreateProcessA\r\nkernel32.dll\r\n.exe\r\nGET\r\nHTTP\/1.1\r\n%s %s\r\n1234567890123456\r\nquit\r\nexit\r\ngetfile\r\ncmd.exe \/c \r\nABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+\/\r\n--!>\r\n<!--\r\n.PAX\r\n.PAD\r\nDependOnService\r\nRpcSs\r\nServiceDll\r\nGetModuleFileName() get dll path\r\nParameters\r\nType\r\nStart\r\nObjectName\r\nLocalSystem\r\nErrorControl\r\nDisplayName\r\nDescription\r\nDepends INA+, Collects and stores network configuration and location information, and notifies applications when this information changes.\r\nImagePath\r\n%SystemRoot%\\System32\\svchost.exe -k \r\nSYSTEM\\CurrentControlSet\\Services\\\r\nCreateService(%s) error %d\r\nIntranet Network Awareness (INA+)\r\n%SystemRoot%\\System32\\svchost.exe -k netsvcs\r\nOpenSCManager()\r\nYou specify service name not in Svchost\/\/netsvcs, must be one of following:\r\nRegQueryValueEx(Svchost\\netsvcs)\r\nnetsvcs\r\nRegOpenKeyEx(%s) KEY_QUERY_VALUE success.\r\nRegOpenKeyEx(%s) KEY_QUERY_VALUE error .\r\nSOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost\r\nIPRIP\r\nuninstall success\r\nOpenService(%s) error 2\r\nOpenService(%s) error 1\r\nuninstall is starting\r\n...<\/pre>\n
SYSTEM\\CurrentControlSet\\Services\\, SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost \ub4f1\uacfc \uac19\uc774 \ub808\uc9c0\uc2a4\ud2b8\ub9ac\ub3c4 \ubcf4\uc774\uace0, \uc11c\ube44\uc2a4\uad00\ub828 \ud568\uc218\ub4e4\uacfc HTTP \ud568\uc218\ub4e4\ub3c4 \ubcfc \uc218 \uc788\uace0, \uc11c\ube44\uc2a4 \uad00\ub828 \ubb38\uad6c\ub4e4\uacfc http \uad00\ub828 string\uc744 \ud655\uc778\ud574\ubcfc \uc218 \uc788\ub2e4.
\n\uadf8\ub9ac\uace0 \uc778\ud130\ub137 \uc8fc\uc18c(practicalmalwareanalysis.com)\uc640 uri(serve.html) \uc640 base64\uc73c\ub85c \uc778\ucf54\ub529\ub41c \uac83\uc73c\ub85c \ubcf4\uc774\ub294 \ubb38\uc790\uc5f4\ub3c4 \ubcfc \uc218 \uc788\ub2e4.<\/p>\n
3. \uc545\uc131\ucf54\ub4dc\uac00 \ub3d9\uc791\ud560 \ub54c \uc5b4\ub5a4 \ud504\ub85c\uc138\uc2a4\ub97c \ubc1c\uacac\ud560 \uc218 \uc788\ub294\uac00?
\nA : \ub3d9\uc801\ubd84\uc11d\uc744 \uc704\ud574 \uc900\ube44\ub97c \ud558\uace0 \ud574\ub2f9 \uc545\uc131\ucf54\ub4dc\ub97c \uad6c\ub3d9\uc2dc\ucf1c \ubcf4\uc558\ub2e4.
\n\"3-2-4\"<\/p>\n
\uc545\uc131\ucf54\ub4dc\ub294 \uc11c\ube44\uc2a4\uc774\ubbc0\ub85c svchost.exe \ud504\ub85c\uc138\uc2a4\ub85c \uad6c\ub3d9\uc774 \ub420 \uac83\uc73c\ub85c \ubcf4\uc778\ub2e4. \ud558\uc9c0\ub9cc \ud504\ub85c\uc138\uc2a4 \ub9ac\uc2a4\ud2b8\uc5d0\uc11c\ub294 svchost.exe\uac00 \uc5ec\ub7ec\uac1c\uc774\uace0 \uc18d\uc131\ub9cc\uc73c\ub85c\ub294 \uc5b4\ub5a4 \ud504\ub85c\uc138\uc2a4\uac00 \uc545\uc131\uc778\uc9c0 \ud655\uc778\uc774 \uc548\ub418\uc11c File > Find Handle or DLL..\uc744 \uc0ac\uc6a9\ud574 Lab03-02.dll\uc744 \ucc3e\uc544\ubcf4\ub2c8, 1128 PID\ub97c \uac00\uc9c0\ub294 \ud504\ub85c\uc138\uc2a4\uac00 \ubc94\uc778\uc784\uc744 \ud655\uc778\ud588\ub2e4.
\n\"3-2-5\"<\/p>\n
\"3-2-6\" \"3-2-7\"<\/p>\n
4. \uc815\ubcf4\ub97c \uc218\uc9d1\ud558\ub294 ProcMon\uc744 \uc0ac\uc6a9\ud558\uae30 \uc704\ud574 \uc5b4\ub5a4 \ud544\ud130\ub97c \uc124\uc815\ud588\ub294\uac00?
\nA : \uc704\uc758 Process Explorer\uc5d0\uc11c \ud655\uc778\ud55c PID(1128)\ub97c \ud544\ud130\ub85c \uc0ac\uc6a9\ud558\uba74 \ub41c\ub2e4.
\n\ud558\uc9c0\ub9cc \ub098\ub294 \ubcf4\ud1b5 ProcMon\ubcf4\ub2e4\ub294 \uc2dc\uc2a4\ud15c \uc775\uc2a4\ud50c\ub85c\ub7ec\uc758 \uc2a4\ub0c5\uc0f7 \uae30\ub2a5\uc744 \ub354 \uc560\uc6a9\ud558\ub294 \ud3b8\uc774\ub2e4.
\n\ud30c\uc77c\uacfc \ub808\uc9c0\uc2a4\ud2b8\ub9ac\ub97c \ub3d9\uc2dc\uc5d0 \ubcfc \uc218 \uc788\uace0, tree\ud615\ud0dc \ub610\ub294 text \ud615\ud0dc\ub97c \ubcc0\ud654\ub97c \ubcfc \uc218 \uc788\uc5b4\uc11c \ud3b8\ud558\ub2e4.
\n\"3-2-8\" \"3-2-9\"<\/p>\n
5. \uc545\uc131\ucf54\ub4dc\uc784\uc744 \uc758\ubbf8\ud558\ub294 \ud638\uc2a4\ud2b8 \uae30\ubc18 \ud45c\uc2dc\uc790\ub294 \ubb34\uc5c7\uc778\uac00?
\nA : \ud574\ub2f9 \uc545\uc131\ucf54\ub4dc\uc758 \ud2b9\uc9d5 \uc911 \ud558\ub098\ub294 IPRIP \uc11c\ube44\uc2a4\ub97c \ub4f1\ub85d\ud558\ub294 \uac83\uc774\uba70, \uc11c\ube44\uc2a4\uc758 \uc124\uba85\uc774 “Depends INA+, Collects and stores network configuration and location information, and notifies applications when this information changes.” \uc73c\ub85c \ud45c\uc2dc\ub41c\ub2e4.
\n\"3-2-10\"<\/p>\n
\uadf8\ub9ac\uace0 \ub808\uc9c0\uc2a4\ud2b8\ub9ac\uc5d0 ServiceDll\uc744 \uc815\uc758\ud558\ub294\ub370 dll \ud30c\uc77c\uba85\uc744 \uadf8\ub300\ub85c \uc0ac\uc6a9\ud55c\ub2e4.
\n\"3-2-11\"<\/p>\n
6. \uc545\uc131\ucf54\ub4dc\uc5d0\uc11c \uc720\uc6a9\ud55c \ub124\ud2b8\uc6cc\ud06c \uae30\ubc18 \uc2dc\uadf8\ub2c8\uccd0\uac00 \uc874\uc7ac\ud558\ub294\uac00?
\nA : \uc545\uc131\ucf54\ub4dc\ub97c \uc2e4\ud589\ud6c4 \ud328\ud0b7\uc744 Wireshark \ub97c \ud1b5\ud574 practicalmalwareanalysis.com \ub3c4\uba54\uc778\uc5d0 \ub300\ud574 dns \uc9c8\uc758\ub97c \ud558\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc5c8\ub2e4.
\n\"3-2-12\"<\/p>\n
hosts \ud30c\uc77c\uc5d0 \ud574\ub2f9 \ub3c4\uba54\uc778\uc744 \uc124\uc815\ud558\uace0 \uc751\ub2f5\uc744 \ubc1b\uc544\ubcf4\ub2c8 \uc544\ub798\uc640 \uac19\uc774 GET\uc73c\ub85c \/serve.html \ud30c\uc77c\uc744 \uc694\uccad\ud558\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc5c8\ub2e4.
\n\"3-2-13\"<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
  Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4. [\uad6c\ub9e4\ud558\uae30] \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-1 \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[658,1266],"tags":[1265,236],"class_list":["post-4606","post","type-post","status-publish","format-standard","hentry","category-book-2","category-reversing","tag-malware-analysis","tag-236"],"yoast_head":"\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2 - Apollo89.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/apollo89.com\/wordpress\/?p=4606\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2 - Apollo89.com\" \/>\n<meta property=\"og:description\" content=\"  Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4. [\uad6c\ub9e4\ud558\uae30] \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-1 \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 … Continue reading →\" \/>\n<meta property=\"og:url\" content=\"https:\/\/apollo89.com\/wordpress\/?p=4606\" \/>\n<meta property=\"og:site_name\" content=\"Apollo89.com\" \/>\n<meta property=\"article:published_time\" content=\"2013-12-07T14:14:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2013-12-11T13:58:49+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg\" \/>\n<meta name=\"author\" content=\"apollo89\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\uae00\uc4f4\uc774\" \/>\n\t<meta name=\"twitter:data1\" content=\"apollo89\" \/>\n\t<meta name=\"twitter:label2\" content=\"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04\" \/>\n\t<meta name=\"twitter:data2\" content=\"2\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606\"},\"author\":{\"name\":\"apollo89\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/93f56825cac3b2f18e5f107995066c82\"},\"headline\":\"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2\",\"datePublished\":\"2013-12-07T14:14:46+00:00\",\"dateModified\":\"2013-12-11T13:58:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606\"},\"wordCount\":114,\"commentCount\":6,\"image\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/11\\\/Practical_Malware_Analysis.jpg\",\"keywords\":[\"Malware Analysis\",\"\ub3c5\uc11c\"],\"articleSection\":[\"Reading\",\"Reversing\"],\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606\",\"name\":\"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2 - Apollo89.com\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/11\\\/Practical_Malware_Analysis.jpg\",\"datePublished\":\"2013-12-07T14:14:46+00:00\",\"dateModified\":\"2013-12-11T13:58:49+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/93f56825cac3b2f18e5f107995066c82\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606#primaryimage\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/11\\\/Practical_Malware_Analysis.jpg\",\"contentUrl\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/11\\\/Practical_Malware_Analysis.jpg\",\"width\":301,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=4606#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\ud648\",\"item\":\"https:\\\/\\\/apollo89.com\\\/wordpress\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/\",\"name\":\"Apollo89.com\",\"description\":\"\uc544\ud3f4\ub85c\uc528\uc758 \uc7a1\ub2e4\ud55c \uacbd\ud5d8\ub4e4..\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/93f56825cac3b2f18e5f107995066c82\",\"name\":\"apollo89\",\"description\":\"\uc544\ud3f4\ub85c89 \uc785\ub2c8\ub2e4.\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2 - Apollo89.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/apollo89.com\/wordpress\/?p=4606","og_locale":"ko_KR","og_type":"article","og_title":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2 - Apollo89.com","og_description":"  Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4. [\uad6c\ub9e4\ud558\uae30] \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-1 \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 … Continue reading →","og_url":"https:\/\/apollo89.com\/wordpress\/?p=4606","og_site_name":"Apollo89.com","article_published_time":"2013-12-07T14:14:46+00:00","article_modified_time":"2013-12-11T13:58:49+00:00","og_image":[{"url":"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg","type":"","width":"","height":""}],"author":"apollo89","twitter_card":"summary_large_image","twitter_misc":{"\uae00\uc4f4\uc774":"apollo89","\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04":"2\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/apollo89.com\/wordpress\/?p=4606#article","isPartOf":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=4606"},"author":{"name":"apollo89","@id":"https:\/\/apollo89.com\/wordpress\/#\/schema\/person\/93f56825cac3b2f18e5f107995066c82"},"headline":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2","datePublished":"2013-12-07T14:14:46+00:00","dateModified":"2013-12-11T13:58:49+00:00","mainEntityOfPage":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=4606"},"wordCount":114,"commentCount":6,"image":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=4606#primaryimage"},"thumbnailUrl":"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg","keywords":["Malware Analysis","\ub3c5\uc11c"],"articleSection":["Reading","Reversing"],"inLanguage":"ko-KR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/apollo89.com\/wordpress\/?p=4606#respond"]}]},{"@type":"WebPage","@id":"https:\/\/apollo89.com\/wordpress\/?p=4606","url":"https:\/\/apollo89.com\/wordpress\/?p=4606","name":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2 - Apollo89.com","isPartOf":{"@id":"https:\/\/apollo89.com\/wordpress\/#website"},"primaryImageOfPage":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=4606#primaryimage"},"image":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=4606#primaryimage"},"thumbnailUrl":"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg","datePublished":"2013-12-07T14:14:46+00:00","dateModified":"2013-12-11T13:58:49+00:00","author":{"@id":"https:\/\/apollo89.com\/wordpress\/#\/schema\/person\/93f56825cac3b2f18e5f107995066c82"},"breadcrumb":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=4606#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/apollo89.com\/wordpress\/?p=4606"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/apollo89.com\/wordpress\/?p=4606#primaryimage","url":"https:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg","contentUrl":"https:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg","width":301,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/apollo89.com\/wordpress\/?p=4606#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\ud648","item":"https:\/\/apollo89.com\/wordpress"},{"@type":"ListItem","position":2,"name":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2"}]},{"@type":"WebSite","@id":"https:\/\/apollo89.com\/wordpress\/#website","url":"https:\/\/apollo89.com\/wordpress\/","name":"Apollo89.com","description":"\uc544\ud3f4\ub85c\uc528\uc758 \uc7a1\ub2e4\ud55c \uacbd\ud5d8\ub4e4..","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/apollo89.com\/wordpress\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Person","@id":"https:\/\/apollo89.com\/wordpress\/#\/schema\/person\/93f56825cac3b2f18e5f107995066c82","name":"apollo89","description":"\uc544\ud3f4\ub85c89 \uc785\ub2c8\ub2e4.","url":"https:\/\/apollo89.com\/wordpress\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/4606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4606"}],"version-history":[{"count":0,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/4606\/revisions"}],"wp:attachment":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4606"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}