{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:39:44Z","timestamp":1772041184361,"version":"3.50.1"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319263618","type":"print"},{"value":"9783319263625","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26362-5_17","type":"book-chapter","created":{"date-parts":[[2015,10,26]],"date-time":"2015-10-26T14:10:45Z","timestamp":1445868645000},"page":"359-381","source":"Crossref","is-referenced-by-count":42,"title":["AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware"],"prefix":"10.1007","author":[{"given":"Wenbo","family":"Yang","sequence":"first","affiliation":[]},{"given":"Yuanyuan","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Juanru","family":"Li","sequence":"additional","affiliation":[]},{"given":"Junliang","family":"Shu","sequence":"additional","affiliation":[]},{"given":"Bodong","family":"Li","sequence":"additional","affiliation":[]},{"given":"Wenjun","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Dawu","family":"Gu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,12]]},"reference":[{"key":"17_CR1","unstructured":"An APK Fake Encryption Sample. \n                      https:\/\/github.com\/blueboxsecurity\/DalvikBytecodeTampering"},{"key":"17_CR2","unstructured":"$$\\mathbf{API_{-}permissions.py}$$\n                    \n           in AndroGuard. \n                      https:\/\/github.com\/androguard\/androguard\/blob\/master\/androguard\/core\/bytecodes\/api_permissions.py"},{"key":"17_CR3","unstructured":"AVL Malware Report (2014). \n                      http:\/\/blog.avlyun.com\/2015\/02\/2137\/malware-report\/"},{"key":"17_CR4","unstructured":"libdex\/DexFile.h - platform\/dalvik - Git at Google. \n                      https:\/\/android.googlesource.com\/platform\/dalvik\/+\/android-4.4.2_r2\/libdex\/DexFile.h"},{"key":"17_CR5","unstructured":"SandDroid - An automatic Android application analysis system. \n                      http:\/\/sanddroid.xjtu.edu.cn\/"},{"key":"17_CR6","unstructured":"Apvrille, A.: Playing Hide and Seek with Dalvik Executables. Hacktivity (2013)"},{"key":"17_CR7","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., H\u00fcbner, M., Gascon, H., Rieck, K., CERT Siemens: Drebin: Effective and explainable detection of android malware in your pocket. In: Proceedings of Network and Distributed System Security Symposium (NDSS), 21st (2014)","DOI":"10.14722\/ndss.2014.23247"},{"key":"17_CR8","doi-asserted-by":"crossref","unstructured":"Bilge, L., Lanzi, A., Balzarotti, D.: Thwarting real-time dynamic unpacking. In: Proceedings of European Workshop on System Security, 4th (2011)","DOI":"10.1145\/1972551.1972556"},{"key":"17_CR9","unstructured":"B\u00f6hne, L.: Pandoras bochs: Automatic unpacking of malware. PhD thesis, University of Mannheim (2008)"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (2011)","DOI":"10.1145\/2046614.2046619"},{"key":"17_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"182","DOI":"10.1007\/978-3-642-40203-6_11","volume-title":"Computer Security \u2013 ESORICS 2013","author":"J Crussell","year":"2013","unstructured":"Crussell, J., Gibler, C., Chen, H.: AnDarwin: scalable detection of semantically similar android applications. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 182\u2013199. Springer, Heidelberg (2013)"},{"key":"17_CR12","doi-asserted-by":"crossref","unstructured":"Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: Riskranker: scalable and accurate zero-day android malware detection. In: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services (2012)","DOI":"10.1145\/2307636.2307663"},{"key":"17_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-540-87403-4_6","volume-title":"Recent Advances in Intrusion Detection","author":"F Guo","year":"2008","unstructured":"Guo, F., Ferrie, P., Chiueh, T.: A study of the packer problem and its solutions. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 98\u2013115. Springer, Heidelberg (2008)"},{"key":"17_CR14","unstructured":"Hu, W.: Guess Where I am: Detection and Prevention of Emulator Evading on Android. HITCON (2014)"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Poosankam, P., Yin, H.: Renovo: a hidden code extractor for packed executables. In: Proceedings of the 5th ACM Workshop on Recurring Malcode (2007)","DOI":"10.1145\/1314389.1314399"},{"key":"17_CR16","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: Omniunpack: fast, generic, and safe unpacking of malware. In: Proceedings of the 23rd Computer Security Applications Conference (2007)","DOI":"10.1109\/ACSAC.2007.15"},{"key":"17_CR17","unstructured":"Park, Y.: We can still crack you! general unpacking method for android packer (not root). In: Black Hat Asia (2015)"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"Petsas, T., Voyatzis, G., Athanasopoulos, E., Polychronakis, M., Ioannidis, S.: Rage against the virtual machine: hindering dynamic analysis of android malware. In: Proceedings of the 7th European Workshop on System Security (EuroSec) (2014)","DOI":"10.1145\/2592791.2592796"},{"key":"17_CR19","unstructured":"Rasthofer, S., Arzt, S., Miltenberger, M., Bodden, E.: Harvesting runtime data in android applications for identifying malware and enhancing code analysis. Technical report (2015)"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: Polyunpack: automating the hidden-code extraction of unpack-executing malware. In: Proceedings of the 22nd Computer Security Applications Conference (2006)","DOI":"10.1109\/ACSAC.2006.38"},{"key":"17_CR21","unstructured":"Schulz, P., Matenaar, F.: Android reverse engineering and defenses. \n                      http:\/\/bluebox.com\/wp-content\/uploads\/2013\/05\/AndroidREnDefenses201305.pdf"},{"key":"17_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"481","DOI":"10.1007\/978-3-540-88313-5_31","volume-title":"Computer Security - ESORICS 2008","author":"M Sharif","year":"2008","unstructured":"Sharif, M., Yegneswaran, V., Saidi, H., Porras, P.A., Lee, W.: Eureka: a framework for enabling static malware analysis. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 481\u2013500. Springer, Heidelberg (2008)"},{"key":"17_CR23","volume-title":"Dex Education: Practicing Safe Dex","author":"T Strazzere","year":"2012","unstructured":"Strazzere, T.: Dex Education: Practicing Safe Dex. Black Hat, USA (2012)"},{"key":"17_CR24","unstructured":"Strazzere, T.: Dex education 201: anti-emulation. HITCON (2013)"},{"key":"17_CR25","unstructured":"Strazzere, T., Sawyer, J.: ANDROID HACKER PROTECTION LEVEL 0. DEF CON 22 (2014)"},{"key":"17_CR26","doi-asserted-by":"crossref","unstructured":"Ugarte-Pedrero, X., Balzarotti, D., Santos, I., Bringas, P.G.: SoK: deep packer inspection: a longitudinal study of the complexity of run-time packers. In: Proceedings of IEEE Symposium on Security and Privacy 36th (2015)","DOI":"10.1109\/SP.2015.46"},{"key":"17_CR27","doi-asserted-by":"crossref","unstructured":"Vidas, T., Christin, N.: Evading android runtime analysis via sandbox detection. In Proceedings of ACM symposium on Information, computer and communications security, 9th (2014)","DOI":"10.1145\/2590296.2590325"},{"key":"17_CR28","unstructured":"Yu, R.: Android packers: facing the challenges, building solutions. In: Proceedings of the 24th Virus Bulletin International Conference (2014)"},{"key":"17_CR29","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Luo, X., Yin, H.: Dexhunter: toward extracting hidden code from packed android applications. In: Proceedings ESORICS (2015)","DOI":"10.1007\/978-3-319-24177-7_15"},{"key":"17_CR30","unstructured":"Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, You, get off of my market: detecting malicious apps in official and alternative android markets. In: Proceedings of the 19th Network and Distributed System Security Symposium (NDSS) (2012)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26362-5_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,31]],"date-time":"2019-05-31T09:21:31Z","timestamp":1559294491000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26362-5_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319263618","9783319263625"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26362-5_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}