• Smart Media Journal
• /
• v.8 no.1
• /
• pp.19-26
• /
• 2019

At the opening ceremony of 2018 Winter Olympics in PyeongChang, an unknown cyber-attack occurred. The malicious code used in the attack is based on in-memory malware, which differs from other malicious code in its concealed location and is spreading rapidly to be found in more than 140 banks, telecommunications and government agencies. In-memory malware accounts for more than 15% of all malicious codes, and it does not store its own information in a non-volatile storage device such as a disk but resides in a RAM, a volatile storage device and penetrates into well-known processes (explorer.exe, iexplore.exe, javaw.exe). Such characteristics make it difficult to analyze it. The most recently released in-memory malicious code bypasses the endpoint protection and detection tools and hides from the user recognition. In this paper, we propose a method to efficiently extract the payload by unpacking injection through IDA Pro debugger for Dorkbot and Erger, which are in-memory malicious codes.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.6
• /
• pp.155-164
• /
• 2018

Many malicious programs have been compressed or encrypted using various commercial packers to prevent reverse engineering, So malicious code analysts must decompress or decrypt them first. The OEP (Original Entry Point) is the address of the first instruction executed after returning the encrypted or compressed executable file back to the original binary state. Several unpackers, including PinDemonium, execute the packed file and keep tracks of the addresses until the OEP appears and find the OEP among the addresses. However, instead of finding exact one OEP, unpackers provide a relatively large set of OEP candidates and sometimes OEP is missing among candidates. In other words, existing unpackers have difficulty in finding the correct OEP. We have developed new tool which provides fewer OEP candidate sets by adding two methods based on the property of the OEP. In this paper, we propose two methods to provide fewer OEP candidate sets by using the property that the function call sequence and parameters are same between packed program and original program. First way is based on a function call. Programs written in the C/C++ language are compiled to translate languages into binary code. Compiler-specific system functions are added to the compiled program. After examining these functions, we have added a method that we suggest to PinDemonium to detect the unpacking work by matching the patterns of system functions that are called in packed programs and unpacked programs. Second way is based on parameters. The parameters include not only the user-entered inputs, but also the system inputs. We have added a method that we suggest to PinDemonium to find the OEP using the system parameters of a particular function in stack memory. OEP detection experiments were performed on sample programs packed by 16 commercial packers. We can reduce the OEP candidate by more than 40% on average compared to PinDemonium except 2 commercial packers which are can not be executed due to the anti-debugging technique.

• Proceedings of the Korean Society for Noise and Vibration Engineering Conference
• /
• 2010.10a
• /
• pp.387-388
• /
• 2010

• Communications of the Korean Mathematical Society
• /
• v.21 no.3
• /
• pp.409-417
• /
• 2006

자연현상의 복잡한 대상의 연구에서 출발한 프랙탈의 연구는 물리학에서 특히 열역학에서의 기법을 활용한 다중프랙탈의 연구로까지 그 영역이 확대되었다. 이 논문에서는 프랙탈과 다중프랙탈의 여러 가지 성질과 그 응용에 대한 최근 결과를 소개한다

• 프린팅코리아
• /
• v.12 no.7
• /
• pp.108-108
• /
• 2013

화성토탈(주)(대표이사 최유진)는 최근 신개념 블랭킷 언더패킹 '피니토'의 제조업체인 이탈리아 프린트그라프의 로베르토 레비(Roberto Levi) 사장과 함께 삼화인쇄(주), 으뜸프로세스(주), (주)타라TPS, (주)프린피아 등 고객사를 방문했다. 고객사 방문을 통해 피니토 사용현황을 점검했으며, 신제품인 '피니토 드레스'를 소개하는 시간을 가졌다.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.48 no.6
• /
• pp.61-67
• /
• 2011

Stereoscopic 3D video can be transmitted by frame-compatible packing format to fulfill the compatibility requirement with the existing digital TV. Then, the reduced stereo image needs to be expanded to the original size at the receiver. This paper proposes an adaptive interpolation method for the discarded image lines. The horizontal line-based linear filter and NEDI6 filter are used selectively for the interpolation of each pixel. Experimental results show that the NEDI6 combined with the horizontal line-based linear filter yields better image quality than the bilinear method by around 0.6dB.

• Proceedings of the KSME Conference
• /
• 2004.11a
• /
• pp.1715-1720
• /
• 2004

This paper presents the characteristics of internal clearances for the interstage of blades and shaft gland seals on the steam turbine which are installed in tandem compound. Internal clearances was changed when the rotor turned in the cylindrical sleeve bearing due to the generation of oil film wedge. This presented concern is very useful to prevent the rubbing damage of seal edge between the fixed and moving parts in steam turbine due to the misalignment at the rotating and stationary parts. This method is applied for the unbalanced clearances distribution to the left and right sides in the turbine casing. A considerable amount of unbalanced clearances distribution trend is determined according to the rotating speed of rotor, size and type of proceeding bearing, oil viscosity, surface roughness of bearing and shaft, oil temperature, oil pressure and bearing load.

• Journal of the Korean Society for Precision Engineering
• /
• v.33 no.2
• /
• pp.139-147
• /
• 2016

Performances of urethane packing in the hydraulic breaker were analyzed using a finite element method. Because of high temperature and high pressure in the hydraulic breaker, it is better to use urethane rather than rubber as a packing material. We obtained the physical properties of urethane at elevated temperature by the tensile test. We analyzed buffer seal and U-packing maintaining the pressure and preventing oil leakage. Deformation, stress distribution, contact length, contact pressure of packing at each pressure step were obtained using finite element analysis. As the temperature increases, stress and contact force tend to decrease at low pressure. As the gap between piston and cylinder increases, contact length and contact forces decrease. Consequently, it is possible to design the packing section using these analyses, and construct a system to predict the possibility of oil leakage in the hydraulic breaker.

• Journal of the Korean Society for Precision Engineering
• /
• v.31 no.1
• /
• pp.9-13
• /
• 2014

The molding process can be divided into five separate steps: plastification, injection, holding, cooling, and finally ejection. In the plastic injection molding, the effect factor such as mold temperature, injection speed, packing pressure and inhomogeneous cooling under packing process affects both the article dimension and physical characteristics. Especially, the packing pressure is the most critical factor to affect molded articles quality among the packing parameters. In this paper, the CAE simulation considering the molding condition is performed to predict the faulty cause which appears in the packing process between cavities of injection molding machine. From the results of CAE simulation, the packing phenomena according to the product form and the gate position was investigated to improve the article quality and minimize the various molding defects. The effect of packing pressure and gate number on the injection molding was discussed.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2017.11a
• /
• pp.6-7
• /
• 2017

360 비디오는 몰입감을 제공해주는 새로운 타입의 미디어로 최근 그 주목도가 더해져 가고 있다. 이에 따라 차세대 비디오 표준 기술 탐색을 진행하고 있는 JVET(Joint Video Exploration Team)에서는 360 비디오를 SDR 및 HDR 비디오와 함께 표준화 대상으로 논의되고 있다. 현재 JVET 에서는 360 비디오를 부호화 하기 위한 다양한 2D 투영기법이 제시되고 있다. 2D 로 변환된 영상은 투영 면(face) 간의 불연속성과 비활성 영역이 존재할 수 있으며 이는 부호화 효율을 저하시키는 원인이 된다. 본 논문에서는 ISP(Icosahedral Projection)에서의 이러한 불연속성과 비활성 영역을 줄이는 효과적인 프레임 패킹(packing) 기법을 제시한다. 제안 기법은 투영면들 간의 불연속 경계면을 효율적으로 배치하여 주관적 화질과 부호화 효율을 향상시킨다. 실험결과 기존 CISP(Compact ISP) 대비 1.0%, 1.0%, 1.27%, 0.63%의 BD-rate 감소를 확인 할 수 있었다. 또한 기존 CISP 대비 주관적 화질이 향상된 것을 확인 할 수 있었다.