{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T22:55:08Z","timestamp":1768431308077,"version":"3.49.0"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319608754","type":"print"},{"value":"9783319608761","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-60876-1_6","type":"book-chapter","created":{"date-parts":[[2017,6,3]],"date-time":"2017-06-03T08:00:34Z","timestamp":1496476834000},"page":"119-138","source":"Crossref","is-referenced-by-count":19,"title":["Finding the Needle: A Study of the PE32 Rich Header and Respective Malware Triage"],"prefix":"10.1007","author":[{"given":"George D.","family":"Webster","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bojan","family":"Kolosnjaji","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"von Pentz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Julian","family":"Kirsch","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zachary D.","family":"Hanif","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Apostolis","family":"Zarras","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Claudia","family":"Eckert","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,6,4]]},"reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"Binsalleeh, H., Ormerod, T., Boukhtouta, A., Sinha, P., Youssef, A., Debbabi, M., Wang, L.: On the analysis of the zeus botnet crimeware toolkit. In: Annual International Conference on Privacy Security and Trust (PST) (2010)","DOI":"10.1109\/PST.2010.5593240"},{"key":"6_CR2","unstructured":"RCE Cafe. Microsoft\u2019s Rich Signature (Undocumented) - Comments, February 2008. \nhttp:\/\/rcecafe.net\/?p=27"},{"key":"6_CR3","unstructured":"Chiang, K., Lloyd, L.: A case study of the rustock rootkit and spam bot. In: The First Workshop in Understanding Botnets (2007)"},{"key":"6_CR4","unstructured":"Mandiant Intelligence. APT1: Exposing One of China\u2019s Cyber Espionage Units. 2013. \nMandian.com"},{"key":"6_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1007\/978-3-642-37300-8_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"G Jacob","year":"2013","unstructured":"Jacob, G., Comparetti, P.M., Neugschwandtner, M., Kruegel, C., Vigna, G.: A static, packer-agnostic filter to detect similar malware samples. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 102\u2013122. Springer, Heidelberg (2013). doi:\n10.1007\/978-3-642-37300-8_6"},{"key":"6_CR6","unstructured":"Kendall, K., McMillan, C.: Practical malware analysis. In: Black Hat Conference, USA (2007)"},{"key":"6_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"419","DOI":"10.1007\/978-3-319-40667-1_21","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"B Kolosnjaji","year":"2016","unstructured":"Kolosnjaji, B., Zarras, A., Lengyel, T., Webster, G., Eckert, C.: Adaptive semantics-aware malware classification. In: Caballero, J., Zurutuza, U., Rodr\u00edguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 419\u2013439. Springer, Cham (2016). doi:\n10.1007\/978-3-319-40667-1_21"},{"key":"6_CR8","unstructured":"Lifewire. Things They Didn\u2019t Tell You About MS Link and the PE Header (29A) (2004)"},{"key":"6_CR9","volume-title":"Malware Analyst\u2019s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code","author":"M Ligh","year":"2010","unstructured":"Ligh, M., Adair, S., Hartstein, B., Richard, M.: Malware Analyst\u2019s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. Wiley Publishing, Indianapolis (2010)"},{"key":"6_CR10","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MSP.2007.48","volume":"2","author":"R Lyda","year":"2007","unstructured":"Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Secur. Priv. 2, 40\u201345 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"6_CR11","unstructured":"Mandiant. Tracking Malware With Import Hashing, January 2014. \nhttps:\/\/www.fireeye.com\/blog\/threat-research\/2014\/01\/tracking-malware-import-hashing.html"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: OmniUnpack: fast, generic, and safe unpacking of malware. In: Annual Computer Security Applications Conference (ACSAC) (2007)","DOI":"10.1109\/ACSAC.2007.15"},{"key":"6_CR13","unstructured":"Microsoft. Microsoft Portable Executable and Common Object File Format Specification, Rev. 8.3 (2013)"},{"key":"6_CR14","unstructured":"Microsoft. Common Object File Format - KB121460 (2016). \nhttps:\/\/support.microsoft.com\/en-us\/kb\/121460"},{"key":"6_CR15","unstructured":"Parkour, M., DiMino, A.: Deepend research, May 2015. \nhttp:\/\/www.deependresearch.org\/2012\/08\/yara-signature-exchange-google-group.htm"},{"issue":"14","key":"6_CR16","doi-asserted-by":"crossref","first-page":"1941","DOI":"10.1016\/j.patrec.2008.06.016","volume":"29","author":"R Perdisci","year":"2008","unstructured":"Perdisci, R., Lanzi, A., Lee, W.: Classification of packed executables for accurate computer virus detection. Pattern Recognit. Lett. 29(14), 1941\u20131946 (2008)","journal-title":"Pattern Recognit. Lett."},{"issue":"2","key":"6_CR17","first-page":"80","volume":"17","author":"M Pietrek","year":"2002","unstructured":"Pietrek, M.: An in-depth look into the win32 portable executable file format. MSDN Mag. 17(2), 80\u201390 (2002)","journal-title":"MSDN Mag."},{"key":"6_CR18","unstructured":"Pistelli, D.: Microsoft\u2019s Rich Signature (Undocumented) (2012)"},{"key":"6_CR19","unstructured":"Roberts, J.-M.: Virus share, April 2016. \nhttps:\/\/virusshare.com\/"},{"key":"6_CR20","unstructured":"Sarm\u00e9jeanne, S.: The HTran tool used to hack into french companies, August 2011. \nhttps:\/\/www.lexsi.com\/securityhub\/the-htran-tool-used-to-hack-into-french-companies\/?lang=en"},{"key":"6_CR21","unstructured":"Sherstobitoff, R.: Inside the world of the citadel trojan. Emergence 9 (2012)"},{"key":"6_CR22","unstructured":"Stephen, T.: Rich Header, January 2008. \nhttp:\/\/trendystephen.blogspot.de\/2008\/01\/rich-header.html"},{"key":"6_CR23","unstructured":"Oreans Technologies. Themida - Advanced Windows Software Protection System, January 2016. \nhttp:\/\/www.oreans.com\/themida.php"},{"key":"6_CR24","unstructured":"Tomonaga, S.: Classifying malware using import API and fuzzy hashing -impfuzzy-, May 2016. \nhttp:\/\/blog.jpcert.or.jp\/2016\/05\/classifying-mal-a988.html"},{"key":"6_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-319-45871-7_15","volume-title":"Information Security","author":"GD Webster","year":"2016","unstructured":"Webster, G.D., Hanif, Z.D., Ludwig, A.L.P., Lengyel, T.K., Zarras, A., Eckert, C.: SKALD: a scalable architecture for feature extraction, multi-user analysis, and real-time information sharing. In: Bishop, M., Nascimento, A.C.A. (eds.) ISC 2016. LNCS, vol. 9866, pp. 231\u2013249. Springer, Cham (2016). doi:\n10.1007\/978-3-319-45871-7_15"},{"key":"6_CR26","unstructured":"Wicherski, G.: peHash: a novel approach to fast malware clustering. In: USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2009)"},{"issue":"5","key":"6_CR27","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1109\/MSP.2008.126","volume":"6","author":"W Yan","year":"2008","unstructured":"Yan, W., Zhang, Z., Ansari, N.: Revealing packed malware. IEEE Secur. Priv. 6(5), 65\u201369 (2008)","journal-title":"IEEE Secur. Priv."},{"key":"6_CR28","unstructured":"Zakorzhevsky, V.: Mediyes - the dropper with a valid signature, March 2012. \nhttps:\/\/securelist.com\/blog\/research\/32397\/mediyes-the-dropper-with-a-valid-signature-8\/"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-60876-1_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,12]],"date-time":"2017-06-12T12:13:03Z","timestamp":1497269583000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-60876-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319608754","9783319608761"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-60876-1_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}