{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T20:16:43Z","timestamp":1742933803825,"version":"3.40.3"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031175091"},{"type":"electronic","value":"9783031175107"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-17510-7_21","type":"book-chapter","created":{"date-parts":[[2022,10,12]],"date-time":"2022-10-12T04:03:06Z","timestamp":1665547386000},"page":"308-323","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Building Deobfuscated Applications from\u00a0Polymorphic Binaries"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0893-4417","authenticated-orcid":false,"given":"Vlad Constantin","family":"Cr\u0103ciun","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3533-7573","authenticated-orcid":false,"given":"Andrei-C\u0103t\u0103lin","family":"Mogage","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,10,13]]},"reference":[{"unstructured":"Scylla. github.com\/NtQuery\/Scylla","key":"21_CR1"},{"issue":"12","key":"21_CR2","first-page":"1238","volume":"11","author":"JRS Alrzini","year":"2020","unstructured":"Alrzini, J.R.S., Pennington, D.: A review of polymorphic malware detection techniques. Int. J. Adv. Res. Eng. Technol. 11(12), 1238\u20131247 (2020)","journal-title":"Int. J. Adv. Res. Eng. Technol."},{"key":"21_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/978-3-030-61078-4_3","volume-title":"Information and Communications Security","author":"E Bergenholtz","year":"2020","unstructured":"Bergenholtz, E., Casalicchio, E., Ilie, D., Moss, A.: Detection of metamorphic malware packers using multilayered LSTM networks. In: Meng, W., Gollmann, D., Jensen, C.D., Zhou, J. (eds.) ICICS 2020. LNCS, vol. 12282, pp. 36\u201353. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-61078-4_3"},{"doi-asserted-by":"publisher","unstructured":"Choi, M.J., Bang, J., Kim, J., Kim, H., Moon, Y.S.: All-in-one framework for detection, unpacking, and verification for malware analysis. Secur. Commun. Netw. 2019, 5278137 (2019). https:\/\/doi.org\/10.1155\/2019\/5278137. https:\/\/www.hindawi.com\/journals\/scn\/2019\/5278137\/. Hindawi","key":"21_CR4","DOI":"10.1155\/2019\/5278137"},{"doi-asserted-by":"crossref","unstructured":"Coogan, K., Debray, S., Kaochar, T., Townsend, G.: Automatic static unpacking of malware binaries. In: 2009 16th Working Conference on Reverse Engineering, pp. 167\u2013176. IEEE (2009)","key":"21_CR5","DOI":"10.1109\/WCRE.2009.24"},{"unstructured":"D\u2019Alessio, S., Mariani, S.: PinDemonium: a DBI-based generic unpacker for windows executables (2016)","key":"21_CR6"},{"unstructured":"Dalla Preda, M.: Code obfuscation and malware detection by abstract interpretation. PhD diss (2007). https:\/\/profs.sci.univr.it\/dallapre\/MilaDallaPreda_PhD.pdf","key":"21_CR7"},{"doi-asserted-by":"crossref","unstructured":"Yadegari, B., Johannesmeyer, B., Whitely, B., Debray, S.: A generic approach to automatic deobfuscation of executable code. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 674\u2013691 (2015)","key":"21_CR8","DOI":"10.1109\/SP.2015.47"},{"doi-asserted-by":"crossref","unstructured":"D\u2019Elia, D.C., Coppa, E., Nicchi, S., Palmaro, F., Cavallaro, L.: Sok: using dynamic binary instrumentation for security (and how you may get caught red handed). In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 15\u201327 (2019)","key":"21_CR9","DOI":"10.1145\/3321705.3329819"},{"doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Hodosh, J., Hulin, P., Leek, T., Whelan, R.: Repeatable reverse engineering with panda. In: Proceedings of the 5th Program Protection and Reverse Engineering Workshop, pp. 1\u201311 (2015)","key":"21_CR10","DOI":"10.1145\/2843859.2843867"},{"key":"21_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"502","DOI":"10.1007\/978-3-319-13257-0_32","volume-title":"Information Security","author":"R Farley","year":"2014","unstructured":"Farley, R., Wang, X.: CodeXt: automatic extraction of obfuscated attack code from memory dump. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 502\u2013514. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13257-0_32"},{"unstructured":"Sa\u00efdi, H., Porras, P., Yegneswaran, V.: Experiences in malware binary deobfuscation (2010)","key":"21_CR12"},{"unstructured":"Hron, M., Jerm\u00e1\u0159, J.: Safemachine malware needs love, too. Virus Bulletin (2014). https:\/\/www.virusbulletin.com\/uploads\/pdf\/conference_slides\/2014\/sponsorAVAST-VB2014.pdf","key":"21_CR13"},{"doi-asserted-by":"crossref","unstructured":"I. You, K.Y.: Malware obfuscation techniques: a brief survey. In: Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications, pp. 297\u2013300 (2010)","key":"21_CR14","DOI":"10.1109\/BWCCA.2010.85"},{"unstructured":"Marion, J.Y., Reynaud, D.: Dynamic binary instrumentation for deobfuscation and unpacking (2009)","key":"21_CR15"},{"key":"21_CR16","doi-asserted-by":"publisher","first-page":"7655","DOI":"10.1109\/ACCESS.2020.3048848","volume":"9","author":"YB Lee","year":"2021","unstructured":"Lee, Y.B., Suk, J.H., Lee, D.H.: Bypassing anti-analysis of commercial protector methods using DBI tools. IEEE Access 9, 7655\u20137673 (2021)","journal-title":"IEEE Access"},{"doi-asserted-by":"crossref","unstructured":"Lim, C., Kotualubun, Y.S., Ramli, K., et al.: Mal-Xtract: hidden code extraction using memory analysis. In: Journal of Physics: Conference Series, vol. 801, p. 012058. IOP Publishing (2017)","key":"21_CR17","DOI":"10.1088\/1742-6596\/801\/1\/012058"},{"key":"21_CR18","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.diin.2019.01.004","volume":"28","author":"C Lim","year":"2019","unstructured":"Lim, C., Ramli, K., Kotualubun, Y.S., et al.: Mal-flux: rendering hidden code of packed binary executable. Digit. Investig. 28, 83\u201395 (2019)","journal-title":"Digit. Investig."},{"issue":"6","key":"21_CR19","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1145\/1064978.1065034","volume":"40","author":"CK Luk","year":"2005","unstructured":"Luk, C.K., et al.: Pin: building customized program analysis tools with dynamic instrumentation. Acm Sigplan Notices 40(6), 190\u2013200 (2005)","journal-title":"Acm Sigplan Notices"},{"doi-asserted-by":"crossref","unstructured":"Campion, M.: Mila Dalla Preda, R.G.: Learning metamorphic malware signatures from samples (2021)","key":"21_CR20","DOI":"10.1007\/s11416-021-00377-z"},{"unstructured":"Naidu, V.J.: Identifying polymorphic malware variants using biosequence analysis techniques. Ph.D. thesis, Auckland University of Technology (2018)","key":"21_CR21"},{"issue":"5","key":"21_CR22","doi-asserted-by":"publisher","first-page":"1435","DOI":"10.1007\/s12046-015-0399-x","volume":"40","author":"S Naval","year":"2015","unstructured":"Naval, S., Laxmi, V., Gaur, M.S., et al.: An efficient block-discriminant identification of packed malware. Sadhana 40(5), 1435\u20131456 (2015)","journal-title":"Sadhana"},{"unstructured":"Oreans. www.oreans.com\/themida.php","key":"21_CR23"},{"key":"21_CR24","first-page":"167","volume":"3","author":"MMR Pasha","year":"2014","unstructured":"Pasha, M.M.R., Prathima, M.Y., Thirupati, L.: Malwise Syst. Packed Polymorphic Malware 3, 167\u2013172 (2014)","journal-title":"Malwise Syst. Packed Polymorphic Malware"},{"issue":"2","key":"21_CR25","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1007\/s11416-020-00371-x","volume":"17","author":"F Plumerault","year":"2021","unstructured":"Plumerault, F., David, B.: Dbi, debuggers, vm: gotta catch them all. J. Comput. Virol. Hacking Tech. 17(2), 105\u2013117 (2021)","journal-title":"J. Comput. Virol. Hacking Tech."},{"doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: PolyUnpack: automating the hidden-code extraction of unpack-executing malware. In: 2006 22nd Annual Computer Security Applications Conference (ACSAC 2006), pp. 289\u2013300. IEEE (2006)","key":"21_CR26","DOI":"10.1109\/ACSAC.2006.38"},{"unstructured":"Udupa, S.K., Debray, S.K., Madou, M.: Deobfuscation: reverse engineering obfuscated code. In: Proceedings of the 12th IEEE Working Conference on Reverse Engineering (WCRE 2005) (2005)","key":"21_CR27"},{"unstructured":"Shirazi, M.T.: Analysis of obfuscation transformations on binary code. Ph.D. thesis, Universit\u00e9 Grenoble Alpes (2019)","key":"21_CR28"},{"doi-asserted-by":"crossref","unstructured":"Suk, J.H., Lee, J.Y., Jin, H., Kim, I.S., Lee, D.H.: UnThemida: commercial obfuscation technique analysis with a fully obfuscated program (2018)","key":"21_CR29","DOI":"10.1002\/spe.2622"},{"unstructured":"Thilagavathi, A., Elumalai, M.: Proficient classification of packed and polymorphic malware using malwise","key":"21_CR30"},{"doi-asserted-by":"crossref","unstructured":"Ugarte-Pedrero, X., Balzarotti, D., Santos, I., Bringas, P.G.: SoK: deep packer inspection: a longitudinal study of the complexity of run-time packers. In: 2015 IEEE Symposium on Security and Privacy, pp. 659\u2013673. IEEE (2015)","key":"21_CR31","DOI":"10.1109\/SP.2015.46"},{"unstructured":"V. Craciun, A. Nacu, M.A.: It\u2019s a file infector... it\u2019s ransomware... it\u2019s virlock (2015)","key":"21_CR32"},{"doi-asserted-by":"crossref","unstructured":"Guillot, Y., Gazet, A.: Automatic binary deobfuscation (2010)","key":"21_CR33","DOI":"10.1007\/s11416-009-0126-4"},{"unstructured":"Yason, M.V.: The art of unpacking (2007)","key":"21_CR34"}],"container-title":["Lecture Notes in Computer Science","Innovative Security Solutions for Information Technology and Communications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-17510-7_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,23]],"date-time":"2022-12-23T12:05:26Z","timestamp":1671797126000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-17510-7_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031175091","9783031175107"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-17510-7_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"13 October 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}