{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T15:54:25Z","timestamp":1783439665906,"version":"3.54.6"},"publisher-location":"Berlin, Heidelberg","reference-count":30,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540883128","type":"print"},{"value":"9783540883135","type":"electronic"}],"license":[{"start":{"date-parts":[[2008,1,1]],"date-time":"2008-01-01T00:00:00Z","timestamp":1199145600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008]]},"DOI":"10.1007\/978-3-540-88313-5_31","type":"book-chapter","created":{"date-parts":[[2008,10,4]],"date-time":"2008-10-04T04:41:44Z","timestamp":1223095304000},"page":"481-500","source":"Crossref","is-referenced-by-count":51,"title":["Eureka: A Framework for Enabling Static Malware Analysis"],"prefix":"10.1007","author":[{"given":"Monirul","family":"Sharif","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Vinod","family":"Yegneswaran","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hassen","family":"Saidi","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Phillip","family":"Porras","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","reference":[{"key":"31_CR1","unstructured":"IDA Pro Dissasember, http:\/\/www.datarescue.com\/ida.htm"},{"key":"31_CR2","unstructured":"Ollydbg, http:\/\/www.ollydbg.de"},{"key":"31_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1007\/978-3-540-24723-4_2","volume-title":"Compiler Construction","author":"G. Balakrishnan","year":"2004","unstructured":"Balakrishnan, G., Reps, T.: Analyzing memory accesses in x86 executables. In: Duesterwald, E. (ed.) CC 2004. LNCS, vol.\u00a02985, pp. 5\u201323. Springer, Heidelberg (2004)"},{"key":"31_CR4","unstructured":"Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: A tool for analyzing malware. In: EICAR (2006)"},{"key":"31_CR5","unstructured":"BitBlaze, http:\/\/bitblaze.cs.berkeley.edu"},{"key":"31_CR6","unstructured":"Brumley, D., Hartwig, C., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Song, D., Yin, H.: Bitscope: Automatically dissecting malicious binaries. In: CMU-CS-07-133 (2007)"},{"key":"31_CR7","unstructured":"Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical Report 148, The University of Auckland (July 1997)"},{"key":"31_CR8","doi-asserted-by":"crossref","unstructured":"Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: Proceedings of the ACM Symposium on Principles of Programming Languages (POPL 1998) (January 1998)","DOI":"10.1145\/268946.268962"},{"key":"31_CR9","unstructured":"Willems, C.: CWSandbox: Automatic Behaviour Analysis of Malware (2006), http:\/\/www.cwsandbox.org\/"},{"key":"31_CR10","unstructured":"Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proceedings of the Usenix Security (2003)"},{"key":"31_CR11","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S., Song, D., Bryant, R.: Semantics-aware malware detection. In: Proceedings of the IEEE Symposium on Security and Privacy (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"31_CR12","doi-asserted-by":"crossref","unstructured":"Crandall, J.R., Su, Z., Wu, S.F., Chong, F.T.: On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In: The proceedings of the 12th ACM Conference on Computer and Communications Security (CCS 2005) (2005)","DOI":"10.1145\/1102120.1102152"},{"key":"31_CR13","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Poosankam, P., Yin, H.: Renovo: a hidden code extractor for packed executables. In: Proceedings of WORM (2007)","DOI":"10.1145\/1314389.1314399"},{"key":"31_CR14","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.: Behavior-based spyware detection. In: Proceedings of the Usenix Security Symposium (2006)"},{"key":"31_CR15","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Computer Systems Architecture","author":"C. Kruegel","year":"2004","unstructured":"Kruegel, C., Robertson, W., Vigna, G.: Detecting kernel-level rootkits through binary analysis. In: Yew, P.-C., Xue, J. (eds.) ACSAC 2004. LNCS, vol.\u00a03189. Springer, Heidelberg (2004)"},{"key":"31_CR16","unstructured":"Malfease Malware Repository, https:\/\/malfease.oarci.net"},{"key":"31_CR17","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Computer Systems Architecture","author":"L. Martignoni","year":"2007","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: Omniunpack: Fast, generic, and safe unpacking of malware. In: Choi, L., Paek, Y., Cho, S. (eds.) ACSAC 2007. LNCS, vol.\u00a04697. Springer, Heidelberg (2007)"},{"key":"31_CR18","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proceedings of the IEEE Symposium of Security and Privacy (2007)","DOI":"10.1109\/SP.2007.17"},{"key":"31_CR19","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Computer Systems Architecture","author":"A. Moser","year":"2007","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Choi, L., Paek, Y., Cho, S. (eds.) ACSAC 2007. LNCS, vol.\u00a04697. Springer, Heidelberg (2007)"},{"key":"31_CR20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-03811-6","volume-title":"Principles of Program Analysis","author":"F. Nielson","year":"1999","unstructured":"Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999)"},{"key":"31_CR21","unstructured":"Offensive Computing, https:\/\/www.offensivecomputing.net"},{"key":"31_CR22","unstructured":"Realms, S.: Armadillo protector, http:\/\/www.woodmann.com\/crackz\/Packers.htm#armadillo"},{"key":"31_CR23","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Computer Systems Architecture","author":"P. Royal","year":"2006","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: Polyunpack: Automating the hidden-code extraction of unpack-executing malware. In: Jesshope, C., Egan, C. (eds.) ACSAC 2006. LNCS, vol.\u00a04186. Springer, Heidelberg (2006)"},{"key":"31_CR24","unstructured":"Pearce, S.: Viral polymorphism. VX Heavens (2003)"},{"key":"31_CR25","unstructured":"Stolfo, S.J., Wang, K., Li, W.-J.: Fileprint analysis for malware detection. In: ACM CCS WORM (2005)"},{"key":"31_CR26","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense. Symatec Press (2005)"},{"key":"31_CR27","unstructured":"Virus Total Inc., http:\/\/www.virus-total.com"},{"key":"31_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/11856214_12","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2006","unstructured":"Wang, K., Parekh, J.J., Stolfo, S.J.: Anagram: A content anomaly detector resistant to mimicry attack. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 226\u2013248. Springer, Heidelberg (2006)"},{"key":"31_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-540-30143-1_11","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2004","unstructured":"Wang, K., Stolfo, S.: Anomalous payload-based network intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 203\u2013222. Springer, Heidelberg (2004)"},{"key":"31_CR30","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flow for malware detection and analysis. In: Proceedings of the 14th ACM conference on Computer and Communications Security (2007)","DOI":"10.1145\/1315245.1315261"}],"container-title":["Lecture Notes in Computer Science","Computer Security - ESORICS 2008"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-88313-5_31","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,5,8]],"date-time":"2020-05-08T20:34:17Z","timestamp":1588970057000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-88313-5_31"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008]]},"ISBN":["9783540883128","9783540883135"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-88313-5_31","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008]]}}}