{"id":478808,"date":"2023-08-09T09:38:29","date_gmt":"2023-08-09T09:38:29","guid":{"rendered":""},"modified":"2023-09-05T11:17:36","modified_gmt":"2023-09-05T11:17:36","slug":"runpe-technique","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/jp\/wiki\/runpe-technique\/","title":{"rendered":"RunPE Technique"},"content":{"rendered":"<p>Brief information about the RunPE technique<\/p>\n<p>The RunPE technique refers to a method used to hide malicious code within a legitimate process running on a computer system. By injecting malicious code into a legitimate process, the harmful activity is masked by the normal behavior of the infected process, allowing attackers to evade detection by security tools.<\/p>\n<h2>The history of the origin of the RunPE technique and its first mention<\/h2>\n<p>The RunPE (Run Portable Executable) technique traces its origins to the 
early 2000s. It was initially used by malware authors to evade antivirus detection, and it quickly became a popular tool among cybercriminals. The technique's name comes from the Portable Executable (PE) format, the common file format used for executables on Windows operating systems. The first mention of RunPE is somewhat obscure, but it began to appear in forums and underground communities where hackers shared techniques and tools.<\/p>\n<h2>Detailed information about the RunPE technique<\/h2>\n<p>The RunPE technique is a sophisticated method that requires extensive knowledge of operating system internals. It involves the following steps:<\/p>\n<ol>\n<li><strong>Selecting a target process<\/strong>: 
The attacker chooses a legitimate process into which to inject malicious code.<\/li>\n<li><strong>Creating or hijacking a process<\/strong>: The attacker may create a new process or hijack an existing one.<\/li>\n<li><strong>Unmapping the original code<\/strong>: The original code within the target process is replaced or hidden.<\/li>\n<li><strong>Injecting the malicious code<\/strong>: The malicious code is injected into the target process.<\/li>\n<li><strong>Redirecting execution<\/strong>: The execution flow of the target process is redirected so that the malicious code runs.<\/li>\n<\/ol>\n<h2>The internal structure of the RunPE technique: how it works<\/h2>\n<p>The internal structure of the RunPE technique revolves around the manipulation of process 
memory and execution flow. Here is a closer look at how it works:<\/p>\n<ol>\n<li><strong>Memory allocation<\/strong>: A memory region is allocated within the target process to hold the malicious code.<\/li>\n<li><strong>Code injection<\/strong>: The malicious code is copied into the allocated memory space.<\/li>\n<li><strong>Adjusting memory permissions<\/strong>: The memory permissions are changed to allow execution.<\/li>\n<li><strong>Manipulating the thread context<\/strong>: The thread context of the target process is modified to redirect execution to the malicious code.<\/li>\n<li><strong>Resuming execution<\/strong>: Execution is resumed, and the malicious code runs as part of the target process.<\/li>\n<\/ol>\n<h2>Analysis of the key features of the RunPE technique<\/h2>\n<ul>\n<li><strong>Stealth<\/strong>: 
By hiding inside a legitimate process, the technique evades many security tools.<\/li>\n<li><strong>Complexity<\/strong>: It requires substantial knowledge of system internals and APIs.<\/li>\n<li><strong>Versatility<\/strong>: It can be used with various types of malware, such as Trojans and rootkits.<\/li>\n<li><strong>Adaptability<\/strong>: It can be adapted to different operating systems and environments.<\/li>\n<\/ul>\n<h2>Types of RunPE technique<\/h2>\n<p>There are several variations of the RunPE technique, each with its own characteristics. The table below describes some of them:<\/p>\n<table>\n<thead>\n<tr>\n<th>Type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Classic RunPE<\/td>\n<td>The basic form of RunPE, 
which injects into a newly created process.<\/td>\n<\/tr>\n<tr>\n<td>Hollow Process<\/td>\n<td>Involves hollowing out a process and replacing its contents.<\/td>\n<\/tr>\n<tr>\n<td>AtomBombing<\/td>\n<td>Uses Windows atom tables to write code into a process.<\/td>\n<\/tr>\n<tr>\n<td>Process Doppelg\u00e4nging<\/td>\n<td>Uses file operations and process creation to evade detection.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Ways to use the RunPE technique, problems related to its use, and their solutions<\/h2>\n<h3>Uses<\/h3>\n<ul>\n<li><strong>Malware evasion<\/strong>: Evades detection by antivirus software.<\/li>\n<li><strong>Privilege escalation<\/strong>: Gains higher privileges within the system.<\/li>\n<li><strong>Data theft<\/strong>: Steals sensitive information without being detected.<\/li>\n<\/ul>\n<h3>Problems<\/h3>\n<ul>\n<li><strong>Detection<\/strong>: Advanced security tools may detect the technique.<\/li>\n<li><strong>Complex implementation<\/strong>: 
Requires a high level of expertise.<\/li>\n<\/ul>\n<h3>Solutions<\/h3>\n<ul>\n<li><strong>Regular security updates<\/strong>: Keep systems up to date.<\/li>\n<li><strong>Advanced monitoring tools<\/strong>: Employ tools that can detect unusual process behavior.<\/li>\n<\/ul>\n<h2>Main characteristics and comparison with similar terms<\/h2>\n<table>\n<thead>\n<tr>\n<th>Technique<\/th>\n<th>Stealth<\/th>\n<th>Complexity<\/th>\n<th>Versatility<\/th>\n<th>Target OS<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RunPE<\/td>\n<td>High<\/td>\n<td>High<\/td>\n<td>High<\/td>\n<td>Windows<\/td>\n<\/tr>\n<tr>\n<td>Code Injection<\/td>\n<td>Medium<\/td>\n<td>Medium<\/td>\n<td>Medium<\/td>\n<td>Cross-platform<\/td>\n<\/tr>\n<tr>\n<td>Process Spoofing<\/td>\n<td>Low<\/td>\n<td>Low<\/td>\n<td>Low<\/td>\n<td>Windows<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Future perspectives and technologies related to the RunPE technique<\/h2>\n<p>The future of the RunPE 
technique may see further advances in stealth and complexity, with new variations emerging to bypass modern security measures. Integration with AI and machine learning could enable more adaptive and intelligent forms of the technique.<\/p>\n<h2>How proxy servers can be used or associated with the RunPE technique<\/h2>\n<p>Proxy servers, such as those provided by OneProxy, can be involved with the RunPE technique in several ways:<\/p>\n<ul>\n<li><strong>Anonymizing attacks<\/strong>: Attackers can use proxy servers to hide their location when deploying the RunPE technique.<\/li>\n<li><strong>Traffic monitoring<\/strong>: Proxy servers can be used to detect suspicious network traffic patterns related to RunPE activity.<\/li>\n<li><strong>Mitigation<\/strong>: 
By monitoring and controlling traffic, proxy servers can help identify and mitigate attacks that use the RunPE technique.<\/li>\n<\/ul>\n<h2>Related links<\/h2>\n<ul>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/pe-format\" target=\"_new\" rel=\"noopener nofollow\">Microsoft: Portable Executable Format<\/a><\/li>\n<li><a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/process-hollowing-attacks\" target=\"_new\" rel=\"noopener nofollow\">Symantec: Process Hollowing Technique<\/a><\/li>\n<li><a href=\"https:\/\/oneproxy.pro\/jp\/security-solutions\/\" target=\"_new\" rel=\"noopener\">OneProxy: Security Solutions<\/a><\/li>\n<\/ul>\n<p>This article describes in detail the RunPE 
technique, its history, its variations, and how to detect or mitigate it. Understanding these aspects is crucial for cybersecurity professionals and organizations seeking to protect their systems against advanced attacks.<\/p>","protected":false},"featured_media":470401,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-478808","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>RunPE Technique<\/mark>","faq_items":[{"question":"What is the RunPE Technique?","answer":"<p>The RunPE technique refers to a method used by attackers to hide malicious code within a legitimate process running on a computer system. By injecting the malicious code into a valid process, the harmful activities are masked, allowing the attackers to evade detection by security tools.<\/p>"},{"question":"How Did the RunPE Technique Originate?","answer":"<p>The RunPE technique originated in the early 2000s and was initially used to evade antivirus detection. It was popularized in forums and underground communities where hackers shared techniques and tools. 
The name \"RunPE\" comes from the Portable Executable (PE) format used in Windows operating systems.<\/p>"},{"question":"What Are the Key Features of the RunPE Technique?","answer":"<p>The key features of the RunPE technique include stealth (by hiding within legitimate processes), complexity (requiring significant knowledge of system internals), versatility (being usable with various types of malware), and adaptability (able to adapt to different operating systems and environments).<\/p>"},{"question":"What Types of RunPE Technique Exist?","answer":"<p>Several variations of the RunPE technique exist, including Classic RunPE, Hollow Process, AtomBombing, and Process Doppelg\u00e4nging. Each type has unique characteristics and methods of operation.<\/p>"},{"question":"How Can the RunPE Technique Be Detected or Mitigated?","answer":"<p>Detection and mitigation of the RunPE technique can be achieved through regular security updates, employing advanced monitoring tools that can detect unusual process behavior, and utilizing proxy servers that monitor and control suspicious network traffic.<\/p>"},{"question":"What Are the Future Perspectives Related to RunPE Technique?","answer":"<p>The future of the RunPE technique may see advancements in stealth and complexity, with new variations emerging to bypass modern security measures. 
Integration with AI and machine learning could enable more adaptive and intelligent forms of the technique.<\/p>"},{"question":"How Are Proxy Servers Like OneProxy Associated with RunPE Technique?","answer":"<p>Proxy servers like OneProxy can be involved with the RunPE technique by anonymizing attacks, monitoring suspicious network traffic patterns related to RunPE activities, and aiding in identifying and mitigating attacks that utilize this technique.<\/p>"},{"question":"What Are Some Related Links for More Information on the RunPE Technique?","answer":"<p>Some related links for more information include <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/pe-format\" target=\"_new\">Microsoft's documentation on the Portable Executable Format<\/a>, <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/process-hollowing-attacks\" target=\"_new\">Symantec's explanation of the Process Hollowing Technique<\/a>, and <a href=\"https:\/\/oneproxy.pro\/security-solutions\" target=\"_new\">OneProxy's Security Solutions<\/a>.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/478808","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/478808\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media\/470401"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media?parent=478808"}],"curies":[{"name":"\u3046\u30fc\u3093","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}