{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:40:57Z","timestamp":1780634457514,"version":"3.54.1"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319608754","type":"print"},{"value":"9783319608761","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-60876-1_4","type":"book-chapter","created":{"date-parts":[[2017,6,3]],"date-time":"2017-06-03T08:00:34Z","timestamp":1496476834000},"page":"73-96","source":"Crossref","is-referenced-by-count":41,"title":["Measuring and Defeating Anti-Instrumentation-Equipped Malware"],"prefix":"10.1007","author":[{"given":"Mario","family":"Polino","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andrea","family":"Continella","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sebastiano","family":"Mariani","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Stefano","family":"D\u2019Alessio","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Lorenzo","family":"Fontana","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Fabio","family":"Gritti","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2017,6,4]]},"reference":[{"key":"4_CR1","unstructured":"Exeinfo PE. http:\/\/exeinfo.atwebpages.com\/"},{"key":"4_CR2","unstructured":"Obsidium. https:\/\/www.obsidium.de\/show\/download\/en"},{"key":"4_CR3","unstructured":"PESpin. http:\/\/www.pespin.com\/"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Aaraj, N., Raghunathan, A., Jha, N.K.: Dynamic binary instrumentation-based framework for malware defense. In: Proceeding of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) (2008)","DOI":"10.1007\/978-3-540-70542-0_4"},{"key":"4_CR5","unstructured":"Arne, S., Alaeddine, M.: One packer to rule them all: Empirical identification, comparison and circumvention of current Antivirus detection techniques. https:\/\/www.blackhat.com\/docs\/us-14\/materials\/us-14-Mesbahi-One-Packer-To-Rule-Them-All-WP.pdf"},{"issue":"5","key":"4_CR6","first-page":"257","volume":"7","author":"R Arora","year":"2013","unstructured":"Arora, R., Singh, A., Pareek, H., Edara, U.R.: A heuristics-based static analysis approach for detecting packed PE binaries. Int. J. Secur. Appl. 7(5), 257\u2013268 (2013)","journal-title":"Int. J. Secur. Appl."},{"key":"4_CR7","unstructured":"Bania, P.: Generic unpacking of self-modifying, aggressive, packed binary programs. arXiv preprint arXiv:0905.4581 (2009)"},{"key":"4_CR8","unstructured":"BromiumLabs. The Packer Attacker is a generic hidden code extractor for Windows malware. https:\/\/github.com\/BromiumLabs\/PackerAttacker"},{"key":"4_CR9","unstructured":"Bruening, D., Duesterwald, E., Amarasinghe, S.: Design and implementation of a dynamic optimization framework for windows. In: ACM Workshop on Feedback-Directed and Dynamic Optimization (FDDO-4) (2001)"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Poosankam, P., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Botnet Detection (2008)","DOI":"10.1007\/978-0-387-68768-1_4"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Caballero, J., Johnson, N.M., McCamant, S., Song, D.: Binary code extraction and interface identification for security applications. Technical report, DTIC Document (2009)","DOI":"10.21236\/ADA538737"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Continella, A., Guagnelli, A., Zingaro, G., De Pasquale, G., Barenghi, A., Zanero, S., Maggi, F.: Shieldfs: a self-healing, ransomware-aware filesystem. In: Proceeding of the Annual Conference on Computer Security Applications (ACSAC) (2016)","DOI":"10.1145\/2991079.2991110"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Coogan, K., Debray, S., Kaochar, T., Townsend, G.: Automatic static unpacking of malware binaries. In: Proceeding of Working Conference on Reverse Engineering (WCRE). IEEE (2009)","DOI":"10.1109\/WCRE.2009.24"},{"key":"4_CR14","doi-asserted-by":"crossref","unstructured":"Deng, Z., Zhang, X., Spider, D.: Stealthy binary program instrumentation and debugging via hardware virtualization. In: Proceeding of the Annual Computer Security Applications Conference (ACSAC) (2013)","DOI":"10.1145\/2523649.2523675"},{"key":"4_CR15","unstructured":"Falcon, F., Riva, N.: Dynamic binary instrumentation frameworks: i know you\u2019re there spying on me. In: Proceeding of Reverse Engineering Conference (2012)"},{"key":"4_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-23644-0_3","volume-title":"Recent Advances in Intrusion Detection","author":"F Gr\u00f6bert","year":"2011","unstructured":"Gr\u00f6bert, F., Willems, C., Holz, T.: Automated identification of cryptographic primitives in binary programs. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 41\u201360. Springer, Heidelberg (2011). doi: 10.1007\/978-3-642-23644-0_3"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Guo, F., Ferrie, P., Chiueh, T.-C.: A study of the packer problem and its solutions. In: Proceeding of International Workshop on Recent Advances in Intrusion Detection (RAID) (2008)","DOI":"10.1007\/978-3-540-87403-4_6"},{"key":"4_CR18","unstructured":"Hex-Rays. IDA Universal Unpacker. https:\/\/www.hex-rays.com\/products\/ida\/support\/tutorials\/unpack_pe\/index.shtml"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Poosankam, P., Yin, H.: Renovo: a hidden code extractor for packed executables (2007)","DOI":"10.1145\/1314389.1314399"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Kirat, D., Vigna, G., Kruegel, C.: Barebox: efficient malware analysis on bare-metal. In: Proceeding of the Annual Computer Security Applications Conference (ACSAC). ACM (2011)","DOI":"10.1145\/2076732.2076790"},{"key":"4_CR21","unstructured":"Kirat, D., Vigna, G., Kruegel, C.: BareCloud: bare-metal analysis-based evasive malware detection. In: Proceeding of USENIX Security (2014)"},{"key":"4_CR22","unstructured":"Lenoir, J.: Implementing Your Own Generic Unpacker (2015)"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Luk, C.-K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: building customized program analysis tools with dynamic instrumentation. In: ACM Sigplan Notices. ACM (2005)","DOI":"10.1145\/1065010.1065034"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. In: Proceeding of IEEE symposium on Security and Privacy (SP). IEEE (2007)","DOI":"10.1109\/MSP.2007.48"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: OmniUnpack: fast, generic, and safe unpacking of malware. In: Proceeding of the Annual Computer Security Applications Conference (ACSAC). IEEE (2007)","DOI":"10.1109\/ACSAC.2007.15"},{"key":"4_CR26","unstructured":"Ming, J., Wu, D., Xiao, G., Wang, J., Liu, P.: TaintPipe: pipelined symbolic taint analysis. In: Proceeding of USENIX Security (2015)"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Ming, J., Xu, D., Wang, L., Wu, D.: Loop: logic-oriented opaque predicate detection in obfuscated binary code. In: Proceeding of the ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM (2015)","DOI":"10.1145\/2810103.2813617"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proceeding of IEEE symposium on Security and Privacy (SP) (2007)","DOI":"10.1109\/SP.2007.17"},{"issue":"2","key":"4_CR29","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1016\/S1571-0661(04)81042-9","volume":"89","author":"N Nethercote","year":"2003","unstructured":"Nethercote, N., Seward, J.: Valgrind: a program supervision framework. Electron. Notes Theor. Comput. Sci. 89(2), 44\u201366 (2003)","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Polino, M., Scorti, A., Maggi, F., Zanero, S.: Jackdaw: towards automatic reverse engineering of large datasets of binaries. In: Proceeding of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) (2015)","DOI":"10.1007\/978-3-319-20550-2_7"},{"key":"4_CR31","unstructured":"Quist, D.: Circumventing software armoring techniques. https:\/\/www.blackhat.com\/presentations\/bh-usa-07\/Quist_and_Valsmith\/Presentation\/bh-usa-07-quist_and_valsmith.pdf"},{"key":"4_CR32","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Grier, C., Kreibich, C., Paxson, V., Pohlmann, N., Bos, H., Van Steen, M.: Prudent practices for designing malware experiments: status quo and outlook. In: Proceeding of IEEE symposium on Security and Privacy (SP) (2012)","DOI":"10.1109\/SP.2012.14"},{"key":"4_CR33","doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: PolyUnpack: automating the hidden-code extraction of unpack-executing malware (2006)","DOI":"10.1109\/ACSAC.2006.38"},{"key":"4_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1007\/978-3-319-45719-2_11","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"M Sebasti\u00e1n","year":"2016","unstructured":"Sebasti\u00e1n, M., Rivera, R., Kotzias, P., Caballero, J.: AVclass: a tool for massive malware labeling. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 230\u2013253. Springer, Cham (2016). doi: 10.1007\/978-3-319-45719-2_11"},{"key":"4_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"481","DOI":"10.1007\/978-3-540-88313-5_31","volume-title":"Computer Security - ESORICS 2008","author":"M Sharif","year":"2008","unstructured":"Sharif, M., Yegneswaran, V., Saidi, H., Porras, P., Lee, W.: Eureka: a framework for enabling static malware analysis. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 481\u2013500. Springer, Heidelberg (2008). doi: 10.1007\/978-3-540-88313-5_31"},{"key":"4_CR36","volume-title":"Practical Malware Analysis","author":"M Sikorski","year":"2012","unstructured":"Sikorski, M., Honig, A.: Practical Malware Analysis. No Starch Press, San Francisco (2012)"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Spensky, C., Hu, H., Leach, K.: LO-PHI: low observable physical host instrumentation. In: Proceeding of the Network and Distributed System Security Symposium (NDSS) (2016)","DOI":"10.14722\/ndss.2016.23121"},{"key":"4_CR38","doi-asserted-by":"crossref","unstructured":"Ugarte-Pedrero, X., Balzarotti, D., Santos, I., Bringas, P.G. SoK: deep packer inspection: a longitudinal study of the complexity of run-time packers. In: Proceeding of IEEE symposium on Security and Privacy (SP). IEEE (2015)","DOI":"10.1109\/SP.2015.46"},{"key":"4_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/978-3-319-40667-1_10","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"X Ugarte-Pedrero","year":"2016","unstructured":"Ugarte-Pedrero, X., Balzarotti, D., Santos, I., Bringas, P.G.: RAMBO: run-time packer analysis with multiple branch observation. In: Caballero, J., Zurutuza, U., Rodr\u00edguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 186\u2013206. Springer, Cham (2016). doi: 10.1007\/978-3-319-40667-1_10"},{"key":"4_CR40","doi-asserted-by":"crossref","unstructured":"Vasudevan, A., Yerraballi, R.: Stealth breakpoints. In: Proceeding of the Annual Computer Security Applications Conference (ACSAC). IEEE (2005)","DOI":"10.1109\/CSAC.2005.52"},{"key":"4_CR41","unstructured":"Vasudevan, A., Yerraballi, R.: Spike: engineering malware analysis tools using unobtrusive binary-instrumentation. In: Proceeding of the 29th Australasian Computer Science Conference, vol. 48. Australian Computer Society Inc. (2006)"},{"key":"4_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-540-74320-0_12","volume-title":"Recent Advances in Intrusion Detection","author":"J Wilhelm","year":"2007","unstructured":"Wilhelm, J., Chiueh, T.: A forced sampled execution approach to kernel rootkit identification. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 219\u2013235. Springer, Heidelberg (2007). doi: 10.1007\/978-3-540-74320-0_12"},{"key":"4_CR43","doi-asserted-by":"crossref","unstructured":"Yadegari, B., Johannesmeyer, B., Whitely, B., Debray, S.: A generic approach to automatic deobfuscation of executable code. In: Proceeding of IEEE symposium on Security and Privacy (SP). IEEE (2015)","DOI":"10.1109\/SP.2015.47"},{"key":"4_CR44","doi-asserted-by":"crossref","unstructured":"Yu, S.-C., Li, Y.-C.: A unpacking and reconstruction system-agunpacker. In: Proceeding of International Symposium on Computer Network and Multimedia Technology, (CNMT). IEEE (2009)","DOI":"10.1109\/CNMT.2009.5374512"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-60876-1_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,25]],"date-time":"2019-09-25T11:17:43Z","timestamp":1569410263000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-60876-1_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319608754","9783319608761"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-60876-1_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}