3.20 악성코드 분석
bind text로 추출 및 필요부분만 남김 File pos Mem pos ID Text ======== ======= == ==== 00000000289F 00000040289F 0 kernel32.dll 0000000028B7 0000004028B7 0 msvcrt.dll 0000000028CB 0000004028CB 0 JO840112-CRAS8468-11150923-PCI8273V 0000000028EF 0000004028EF 0 HASTATI. 000000002901 000000402901 0 %s*.* 000000002907 000000402907 0 Program Files 000000002915 000000402915 0 ProgramData 00000000292B 00000040292B ..
2016.12.13