{"id":5477,"date":"2014-01-10T22:15:13","date_gmt":"2014-01-10T13:15:13","guid":{"rendered":"http:\/\/apollo89.com\/wordpress\/?p=5477"},"modified":"2014-01-15T13:47:32","modified_gmt":"2014-01-15T04:47:32","slug":"%ec%8b%a4%ec%a0%84-%ec%95%85%ec%84%b1%ec%bd%94%eb%93%9c%ec%99%80-%eb%a9%80%ec%9b%a8%ec%96%b4-%eb%b6%84%ec%84%9d-5%ec%9e%a5-ida-pro","status":"publish","type":"post","link":"https:\/\/apollo89.com\/wordpress\/?p=5477","title":{"rendered":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 5\uc7a5 IDA Pro (1)"},"content":{"rendered":"

 <\/p>\n

Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4.
\n\uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4.
\n<\/strong><\/p>\n

\"Practical_Malware_Analysis\"<\/a>
\n[\uad6c\ub9e4\ud558\uae30]<\/a><\/p>\n

\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-1<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-2<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-3<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-4<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-1<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-2<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-3<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 3\uc7a5 \uae30\ucd08 \ub3d9\uc801 \ubd84\uc11d \uc2e4\uc2b5 3-4<\/a>
\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 5\uc7a5 IDA Pro (1)<\/a><\/p>\n

\uc2e4\uc2b5\ubb38\uc81c \ub2e4\uc6b4\ub85c\ub4dc \ubc1b\ub294 \uacf3 : http:\/\/nostarch.com\/malware<\/a><\/p>\n

\uc2e4\uc2b5 5-1
\nIDA Pro \ub9cc\uc744 \uc774\uc6a9\ud574 \ud30c\uc77c Lab05-01.dll \ub0b4\uc758 \uc545\uc131\ucf54\ub4dc\ub97c \ubd84\uc11d\ud558\ub77c. \uc774\uc2e4\uc2b5\uc758 \ubaa9\uc801\uc740 IDA Pro\ub97c \uc9c1\uc811 \ub2e4\ub8e8\ub294\ub370 \uc788\ub2e4. \uc774\ubbf8 IDA Pro\ub97c \uc0ac\uc6a9\ud574 \ubcf8 \uc801\uc774 \uc788\uc73c\uba74 \ub2e4\uc74c \ubb38\uc81c\ub97c \ubb34\uc2dc\ud558\uace0 \uc545\uc131\ucf54\ub4dc \ub9ac\ubc84\uc2f1\uc5d0 \ucd08\uc810\uc744 \ub9de\ucdb0\ub3c4 \uc88b\ub2e4.<\/p>\n

\uc9c8\ubb38
\n1. DllMain\uc758 \uc8fc\uc18c\ub294 \ubb34\uc5c7\uc778\uac00?
\nA: IDA Pro\ub97c \uc2dc\uc791\ud558\uace0 Lab05-01.dll\uc744 \ub85c\ub4dc\ud558\uba74 \ubc14\ub85c DllMain\uc774 \ubcf4\uc778\ub2e4. \uc8fc\uc18c\ub294 : 0x1000D02E
\n\"5-1-1\"<\/p>\n

2. Imports \uc708\ub3c4\uc6b0\ub97c \uc774\uc6a9\ud574 gethostbyname\uc744 \ud0d0\uc0c9\ud574\ubcf4\uc790. \uc784\ud3ec\ud2b8 \uc704\uce58\ub294 \uc5b4\ub514\uc778\uac00?
\nA: Imports \uc708\ub3c4\uc6b0\ub97c \uc5f4\uc5b4 gethostbyname\ub97c \ud655\uc778\ud574\ubcf4\uc558\ub2e4. \uc8fc\uc18c\ub294 : 0x100163CC
\n\"5-1-2\"<\/p>\n

3. gethostbyname\uc5d0 \ud568\uc218\ub294 \uba87 \uac1c\uc778\uac00?
\nA: \uc704\uc758 Imports \uc5d0\uc11c \ucc3e\uc740 gethostbyname \ud568\uc218\ub97c \ub354\ube14 \ud074\ub9ad\ud574\ubcf4\uba74 IDA View \uc5d0\uc11c \uc704\uce58\ub97c \ud655\uc778\ud560\uc218 \uc788\ub2e4.
\n\"5-1-3\"<\/p>\n

\uc5ec\uae30\uc11c Ctrl+x\ub97c \ub20c\ub7ec \uc0c1\ud638\ucc38\uc870\ub97c \ud655\uc778\ud558\uba74,
\n\"5-1-4\"<\/p>\n

5\uac1c\uc758 \ud568\uc218(sub_10001074, sub_10001365, sub_10001656, sub_1000208F, sub_10002CCE)\uc5d0\uc11c 9\ubc88\uc758 \ud638\ucd9c\uc774 \uc788\ub294 \uac83\uc744 \ubcfc \uc218 \uc788\ub2e4.(p\ub294 \ud638\ucd9c\ub418\ub294 \ubd80\ubd84, r\uc740 \uc77d\ub294 \ubd80\ubd84)<\/p>\n

4. 0x10001757\uc5d0 \uc704\uce58\ud55c gethostbyname \ud638\ucd9c\uc744 \ubcf4\uba74 \uc5b4\ub5a4 DNS\uc694\uccad\uc774 \uc774\ub904\uc9c0\ub294\uc9c0 \uc54c \uc218 \uc788\ub294\uac00?
\nA: \uba3c\uc800 G\ud0a4\ub97c \ub20c\ub7ec \ud574\ub2f9 \uc704\uce58\ub85c \uc774\ub3d9\ud55c\ub2e4.
\n\"5-1-6\"<\/p>\n

\ud574\ub2f9\uc704\uce58\uc5d0 \uac00\ubcf4\uba74 gethostbyname \ud638\ucd9c\ud558\ub294 \ubd80\ubd84\uc774 \ubcf4\uc774\uace0 \uc870\uae08\uc704\uc5d0 off_10019040 \uc5d0 0Dh\ub97c \ub354\ud55c\uac12\uc744 \ud30c\ub77c\ubbf8\ud130\ub85c \uc804\ub2ec\ud558\uc5ec \ud638\ucd9c\ud558\ub294 \ubd80\ubd84\uc774 \ubcf4\uc778\ub2e4.<\/p>\n

off_10019040 \uc744 \ub354\ube14\ud074\ub9ad\ud558\uc5ec \ub530\ub77c\uac00\ubcf4\uba74,
\n\"5-1-5\"<\/p>\n

[This is RDO]pics.praticalmalwareanalysis.com \ubb38\uc790\uc5f4\uc744 \ud655\uc778\ud560\uc218 \uc788\uace0 0Dh\ub294 13\uc774\ubbc0\ub85c 13\uc790 \ub4a4\ubd80\ud130\uc778 pics.praticalmalwareanalysis.com\uc744 \uc804\ub2ec\ud558\ub294 \uac83\uc744 \ubcfc \uc218 \uc788\ub2e4.<\/p>\n

5. 0x10001656\uc5d0 \uc788\ub294 \uc11c\ube0c\ub8e8\ud2f4\uc5d0\uc11c IDA Pro\ub294 \uc9c0\uc5ed\ubcc0\uc218 \uba87 \uac1c\ub97c \uc778\uc9c0\ud558\uace0 \uc788\ub294\uac00?
\nA : 0x10001656 \uc73c\ub85c \uc774\ub3d9\ud574\uc11c \ud655\uc778\ud574\ubcf4\uba74, IDA \uac00 \uc790\ub3d9\uc73c\ub85c \ud30c\ub77c\ubbf8\ud130\ub97c \uc778\uc2dd\ud574\uc11c \ubcc0\uc218\uba85\uae4c\uc9c0 \ubd99\uc5ec\ub193\uc558\ub2e4.
\n\uc9c0\uc5ed\ubcc0\uc218\ub294 \uc74c\uc758 offset \uc73c\ub85c \ucd1d 23\uac1c\uac00 \uc788\ub2e4.
\n\"5-1-7\"<\/p>\n

6. 0x10001656\uc5d0 \uc788\ub294 \uc11c\ube0c\ub8e8\ud2f4\uc5d0\uc11c IDA Pro\ub294 \ud30c\ub77c\ubbf8\ud130 \uba87 \uac1c\ub97c \uc778\uc9c0\ud558\uace0 \uc788\ub294\uac00?
\nA : \ud30c\ub77c\ubbf8\ud130\ub294 \uc591\uc758 offset \uc73c\ub85c arg_0 1\uac1c\uac00 \uc788\ub2e4.<\/p>\n

7. Strings \uc708\ub3c4\uc6b0\ub97c \uc774\uc6a9\ud574 \ub514\uc2a4\uc5b4\uc148\ube14\ub9ac \ub0b4\uc758 \ubb38\uc790\uc5f4 \\cmd.exe \/c\ub97c \ucc3e\uc544\ubcf4\uc790. \uc5b4\ub514\uc5d0 \uc788\ub294\uac00?
\nA : Strings \uc708\ub3c4\uc6b0\uc5d0\uc11c \\cmd.exe \/c\ub97c \ucc3e\uc544\ubcf4\uba74, xdoors_d\uc601\uc5ed\uc758 0x10095B34 \uc704\uce58\uc5d0 \uc788\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.
\n\"5-1-8\"<\/p>\n

8. \\cmd.exe \/c\ub97c \ucc38\uc870\ud558\ub294 \ucf54\ub4dc \uc601\uc5ed\uc5d0\uc11c \ubb34\uc2a8 \uc77c\uc774 \ubc1c\uc0dd\ud558\ub294\uac00?
\nA : \uc704\uc758 \ucc3d\uc5d0\uc11c \ub354\ube14\ud074\ub9ad\ud574\ubcf4\uba74 \uc544\ub798\uc640 \uac19\uc740 \ubd80\ubd84\uc744 \ubcfc \uc218 \uc788\uace0,
\n\"5-1-9\"<\/p>\n

cmd.exe \ubc14\ub85c \uc544\ub798 \ubd80\ubd84\uc744 \ubcf4\uba74, \uc544\ub798\uc640 \uac19\uc740 \ubb38\uad6c\ub3c4 \ubcfc \uc218 \uc788\ub2e4.
\nHi,Master
\nWelCome Back…Are You Enjoying Today?
\nEncrypt Magic Number For This Remote Shell Session<\/p>\n

\uadf8\ub9ac\uace0 cmd.exe \ubd80\ubd84\uc740 sub_1000FF58 \ud568\uc218\uc758 \ud55c \ubd80\ubd84\uc5d0\uc11c\ub9cc \uc0c1\ud638\ucc38\uc870 \ub418\uace0 \uc788\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.
\n\"5-1-10\"<\/p>\n

\ud574\ub2f9 \uc0c1\ud638\ucc38\uc870\ub97c \ub530\ub77c\uac00\uba74 \uc544\ub798\uc640 \uac19\uc740 \ubd80\ubd84\uc744 \ud655\uc778\ud560\uc218 \uc788\ub2e4.
\n\"5-1-11\"<\/p>\n

9. \uac19\uc740\uc601\uc5ed 0x100101C8\uc5d0\uc11c dword_1008E5C4\ub294 \uacbd\ub85c\ub97c \uc9c0\uc815\ud558\ub294 \uc804\uc5ed\ubcc0\uc218\ub85c \ubcf4\uc778\ub2e4, \uc545\uc131\ucf54\ub4dc\ub294 \uc5b4\ub5bb\uac8c dword_1008E5C4\ub97c \uc124\uc815\ud558\ub294\uac00?(\ud78c\ud2b8:dword_1008E5C4\uc758 \uc0c1\ud638\ucc38\uc870\ub97c \ud65c\uc6a9\ud558\ub77c)
\nA : dword_1008E5C4\ub97c, \ub354\ube14\ud074\ub9ad\ud558\uba74, \uc544\ub798\uc758 \ucf54\ub4dc\ub97c \ubcfc \uc218 \uc788\ub2e4.
\n\"5-1-12\"<\/p>\n

\uc5ec\uae30\uc5d0\uc11c \uc0c1\ud638\ucc38\uc870\ub97c \ud655\uc778\ud558\uba74, 3\uac1c\ub97c \ud655\uc778\ud560\uc218 \uc788\ub2e4.
\n\"5-1-14\"<\/p>\n

\uc5ec\uae30\uc11c dword_1008E5C4\ub97c \ubcc0\uacbd\ud558\ub294 mov \ubd80\ubd84\uc744 \ub354\ube14\ud074\ub9ad\ud558\uc5ec \ud655\uc778\ud574\ubcf4\uba74, \ubc14\ub85c\uc704\uc758 sub_10003695 \ud568\uc218\ub97c \ubcfc\uc218 \uc788\ub2e4.
\n\"5-1-15\"<\/p>\n

\uc774 \ud568\uc218\uc758 \ub85c\uc9c1\uc744 \uc0b4\ud3b4\ubcf4\uba74, GetVersionExA\ud568\uc218\ub97c \ud638\ucd9c\ud558\uc5ec \uc6b4\uc601\uccb4\uc81c\uc758 \ubc84\uc804\uc744 \ud655\uc778\ud558\ub294 \uac83\uc744 \ubcfc \uc218 \uc788\ub2e4.
\n\"5-1-16\"<\/p>\n

10. 0x1000FF58\uc5d0\uc11c \uc11c\ube0c\ub8e8\ud2f4\uc73c\ub85c \uc218\ubc31\ub77c\uc778\uc740 \ubb38\uc790\uc5f4\uc744 \ube44\uad50\ud558\uae30 \uc704\ud55c \uc77c\ub828\uc758 memcmp \ube44\uad50\ub2e4. rotbotwork\uc640 \ubb38\uc790\uc5f4 \ube44\uad50\uac00 \uc131\uacf5\uc801\uc73c\ub85c \uc774\ub904\uc9c0\uba74 \ubb34\uc2a8\uc77c\uc774 \uc77c\uc5b4\ub098\ub294\uac00?(memcmp\uac00 0\uc744 \ubc18\ud658)
\nA : 0x1000FF58 \uc8fc\uc18c\ub294 sub_1000FF58 \ud568\uc218\ub97c \uac00\ub974\ud0a4\uba70, \ud568\uc218\uac00 \uc0c1\ub2f9\ud788 \ud06c\ub2e4, \ucb49 \ucb49 \ub0b4\ub9ac\uba74\uc11c \ubcf4\ub2e4\ubcf4\uba74 \ubb38\uc81c\uc5d0\uc11c \uc5b8\uae09\ub41c rotbotwork\uc640 \ubb38\uc790\uc5f4 \ube44\uad50\ud558\ub294 \ubd80\ubd84\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.
\n\"5-1-17\"<\/p>\n

\ubb38\uc790\uc5f4\uc774 rotbotwork \uc640 \uc77c\uce58\ud558\uba74, sub_100052A2\uc744 call \ud558\uace0 \uc544\ub2c8\uba74, loc_10010468 \uc73c\ub85c \uc774\ub3d9\ud55c\ub2e4.<\/p>\n

sub_100052A2 \ud568\uc218\ub97c \ud655\uc778\ud574\ubcf4\uba74, SOFTWARE\\Microsoft\\Windows\\CurrentVersion \uc758 \ub808\uc9c0\uc2a4\ud2b8\ub9ac\uac12\uc744 \ud655\uc778\ud558\ub294 \uac83\uc744 \ubcfc\uc218 \uc788\ub2e4.
\n\"5-1-18\"<\/p>\n

\uadf8\ub9ac\uace0 loc_10010468\uc5d0\uc11c\ub294 \ub610 \ub2e4\ub978 \ubb38\uc790\uc5f4\uc778 mbase \uc640 \ube44\uad50\ub97c \ud558\ub294 \uac83\uc744 \ubcfc \uc218 \uc788\ub2e4.<\/p>\n

\ubb38\uc81c\uac00 21\ubb38\uc81c\ub97c \ub118\uc5b4\uac00\ubbc0\ub85c 10\ubc88 \uc774\ud6c4\uc758 \ubb38\uc81c\ub294 \ub2e4\uc74c post\uc5d0\uc11c..\u3160\u3160<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

  Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4. [\uad6c\ub9e4\ud558\uae30] \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-1 \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[658,1266],"tags":[1265,236],"class_list":["post-5477","post","type-post","status-publish","format-standard","hentry","category-book-2","category-reversing","tag-malware-analysis","tag-236"],"yoast_head":"\n\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 5\uc7a5 IDA Pro (1) - Apollo89.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/apollo89.com\/wordpress\/?p=5477\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 5\uc7a5 IDA Pro (1) - Apollo89.com\" \/>\n<meta property=\"og:description\" content=\"  Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4. [\uad6c\ub9e4\ud558\uae30] \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-1 \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 … Continue reading →\" \/>\n<meta property=\"og:url\" content=\"https:\/\/apollo89.com\/wordpress\/?p=5477\" \/>\n<meta property=\"og:site_name\" content=\"Apollo89.com\" \/>\n<meta property=\"article:published_time\" content=\"2014-01-10T13:15:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2014-01-15T04:47:32+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg\" \/>\n<meta name=\"author\" content=\"apollo89\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\uae00\uc4f4\uc774\" \/>\n\t<meta name=\"twitter:data1\" content=\"apollo89\" \/>\n\t<meta name=\"twitter:label2\" content=\"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04\" \/>\n\t<meta name=\"twitter:data2\" content=\"1\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477\"},\"author\":{\"name\":\"apollo89\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/93f56825cac3b2f18e5f107995066c82\"},\"headline\":\"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 5\uc7a5 IDA Pro (1)\",\"datePublished\":\"2014-01-10T13:15:13+00:00\",\"dateModified\":\"2014-01-15T04:47:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477\"},\"wordCount\":191,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/11\\\/Practical_Malware_Analysis.jpg\",\"keywords\":[\"Malware Analysis\",\"\ub3c5\uc11c\"],\"articleSection\":[\"Reading\",\"Reversing\"],\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477\",\"name\":\"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 5\uc7a5 IDA Pro (1) - Apollo89.com\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/11\\\/Practical_Malware_Analysis.jpg\",\"datePublished\":\"2014-01-10T13:15:13+00:00\",\"dateModified\":\"2014-01-15T04:47:32+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/93f56825cac3b2f18e5f107995066c82\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477#primaryimage\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/11\\\/Practical_Malware_Analysis.jpg\",\"contentUrl\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/11\\\/Practical_Malware_Analysis.jpg\",\"width\":301,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=5477#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\ud648\",\"item\":\"https:\\\/\\\/apollo89.com\\\/wordpress\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 5\uc7a5 IDA Pro (1)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/\",\"name\":\"Apollo89.com\",\"description\":\"\uc544\ud3f4\ub85c\uc528\uc758 \uc7a1\ub2e4\ud55c \uacbd\ud5d8\ub4e4..\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/93f56825cac3b2f18e5f107995066c82\",\"name\":\"apollo89\",\"description\":\"\uc544\ud3f4\ub85c89 \uc785\ub2c8\ub2e4.\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 5\uc7a5 IDA Pro (1) - Apollo89.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/apollo89.com\/wordpress\/?p=5477","og_locale":"ko_KR","og_type":"article","og_title":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 5\uc7a5 IDA Pro (1) - Apollo89.com","og_description":"  Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4. [\uad6c\ub9e4\ud558\uae30] \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 1\uc7a5 \uae30\ucd08 \uc815\uc801\ubd84\uc11d \uc2e4\uc2b5 1-1 \uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 … Continue reading →","og_url":"https:\/\/apollo89.com\/wordpress\/?p=5477","og_site_name":"Apollo89.com","article_published_time":"2014-01-10T13:15:13+00:00","article_modified_time":"2014-01-15T04:47:32+00:00","og_image":[{"url":"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg","type":"","width":"","height":""}],"author":"apollo89","twitter_card":"summary_large_image","twitter_misc":{"\uae00\uc4f4\uc774":"apollo89","\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04":"1\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/apollo89.com\/wordpress\/?p=5477#article","isPartOf":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=5477"},"author":{"name":"apollo89","@id":"https:\/\/apollo89.com\/wordpress\/#\/schema\/person\/93f56825cac3b2f18e5f107995066c82"},"headline":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 5\uc7a5 IDA Pro (1)","datePublished":"2014-01-10T13:15:13+00:00","dateModified":"2014-01-15T04:47:32+00:00","mainEntityOfPage":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=5477"},"wordCount":191,"commentCount":0,"image":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=5477#primaryimage"},"thumbnailUrl":"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg","keywords":["Malware Analysis","\ub3c5\uc11c"],"articleSection":["Reading","Reversing"],"inLanguage":"ko-KR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/apollo89.com\/wordpress\/?p=5477#respond"]}]},{"@type":"WebPage","@id":"https:\/\/apollo89.com\/wordpress\/?p=5477","url":"https:\/\/apollo89.com\/wordpress\/?p=5477","name":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d - 5\uc7a5 IDA Pro (1) - Apollo89.com","isPartOf":{"@id":"https:\/\/apollo89.com\/wordpress\/#website"},"primaryImageOfPage":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=5477#primaryimage"},"image":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=5477#primaryimage"},"thumbnailUrl":"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg","datePublished":"2014-01-10T13:15:13+00:00","dateModified":"2014-01-15T04:47:32+00:00","author":{"@id":"https:\/\/apollo89.com\/wordpress\/#\/schema\/person\/93f56825cac3b2f18e5f107995066c82"},"breadcrumb":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=5477#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/apollo89.com\/wordpress\/?p=5477"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/apollo89.com\/wordpress\/?p=5477#primaryimage","url":"https:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg","contentUrl":"https:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/Practical_Malware_Analysis.jpg","width":301,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/apollo89.com\/wordpress\/?p=5477#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\ud648","item":"https:\/\/apollo89.com\/wordpress"},{"@type":"ListItem","position":2,"name":"\uc2e4\uc804 \uc545\uc131\ucf54\ub4dc\uc640 \uba40\uc6e8\uc5b4 \ubd84\uc11d – 5\uc7a5 IDA Pro (1)"}]},{"@type":"WebSite","@id":"https:\/\/apollo89.com\/wordpress\/#website","url":"https:\/\/apollo89.com\/wordpress\/","name":"Apollo89.com","description":"\uc544\ud3f4\ub85c\uc528\uc758 \uc7a1\ub2e4\ud55c \uacbd\ud5d8\ub4e4..","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/apollo89.com\/wordpress\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Person","@id":"https:\/\/apollo89.com\/wordpress\/#\/schema\/person\/93f56825cac3b2f18e5f107995066c82","name":"apollo89","description":"\uc544\ud3f4\ub85c89 \uc785\ub2c8\ub2e4.","url":"https:\/\/apollo89.com\/wordpress\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/5477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5477"}],"version-history":[{"count":0,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/5477\/revisions"}],"wp:attachment":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}