{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T01:37:55Z","timestamp":1773193075582,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642412837","type":"print"},{"value":"9783642412844","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41284-4_7","type":"book-chapter","created":{"date-parts":[[2013,10,22]],"date-time":"2013-10-22T13:35:11Z","timestamp":1382448911000},"page":"123-143","source":"Crossref","is-referenced-by-count":18,"title":["API Chaser: Anti-analysis Resistant Malware Analyzer"],"prefix":"10.1007","author":[{"given":"Yuhei","family":"Kawakoya","sequence":"first","affiliation":[]},{"given":"Makoto","family":"Iwamura","sequence":"additional","affiliation":[]},{"given":"Eitaro","family":"Shioji","sequence":"additional","affiliation":[]},{"given":"Takeo","family":"Hariu","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-540-70500-0_25","volume-title":"Information Security and Privacy","author":"V.S. Sathyanarayan","year":"2008","unstructured":"Sathyanarayan, V.S., Kohli, P., Bruhadeshwar, B.: Signature Generation and Detection of Malware Families. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol.\u00a05107, pp. 336\u2013349. Springer, Heidelberg (2008)"},{"key":"7_CR2","unstructured":"Suenaga, M.: A Museum of API Obfuscation on Win32. In: Proceedings of 12th Association of Anti-Virus Asia Researchers International Conference, AVAR 2009 (2009)"},{"key":"7_CR3","unstructured":"Yason, M.V.: The Art of Unpacking. In: Black Hat USA Briefings (2007)"},{"key":"7_CR4","unstructured":"Bellard, F.: QEMU, a Fast and Portable Dynamic Translator. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 2005 (2005)"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., Slowinska, A., Bos, H.: Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation. In: Proceedings of the 1st European Conference on Computer Systems, EuroSys 2006 (2006)","DOI":"10.1145\/1217935.1217938"},{"key":"7_CR6","unstructured":"Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: A Tool for Analyzing Malware. In: Proceedings of the European Institute for Computer Antivirus Research Annual Conference, EICAR 2006 (2006)"},{"key":"7_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-89862-7_1","volume-title":"Information Systems Security","author":"D. Song","year":"2008","unstructured":"Song, D., et al.: BitBlaze: A New Approach to Computer Security via Binary Analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol.\u00a05352, pp. 1\u201325. Springer, Heidelberg (2008)"},{"key":"7_CR8","doi-asserted-by":"crossref","unstructured":"Vasudevan, A., Yerraballi, R.: Cobra: Fine-grained Malware Analysis using Stealth Localized-Executions. In: Proceedings of 2006 IEEE Symposium on Security and Privacy, Oakland (2006)","DOI":"10.1109\/SP.2006.9"},{"key":"7_CR9","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSP.2007.45","volume":"5","author":"C. Willems","year":"2007","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Security and Privacy\u00a05, 32\u201339 (2007)","journal-title":"IEEE Security and Privacy"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007 (2007)","DOI":"10.1145\/1315245.1315261"},{"key":"7_CR11","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D.X., Yin, H.: Automatically Identifying Trigger-based Behavior in Malware. In: Botnet Detection (2007)"},{"key":"7_CR12","unstructured":"Lastline Whitepaper: Automated detection and mitigation of execution-stalling malicious code, \n                    \n                      http:\/\/www.lastline.com\/papers\/antistalling_code.pdf"},{"key":"7_CR13","unstructured":"Newsome, J., Song, D.: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium, NDSS 2005 (2005)"},{"key":"7_CR14","unstructured":"Carrier, B.: The slueth kit(tsk), \n                    \n                      http:\/\/www.sleuthkit.org\/"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Iwamura, M., Itoh, M., Muraoka, Y.: Towards Efficient Analysis for Malware in the Wild. In: Proceedings of IEEE International Conference on Communications, ICC 2011 (2011)","DOI":"10.1109\/icc.2011.5963469"},{"key":"7_CR16","unstructured":"Hex-Rays: IDA, \n                    \n                      https:\/\/www.hex-rays.com\/"},{"key":"7_CR17","unstructured":"The Undocumented Functions, \n                    \n                      http:\/\/undocumented.ntinternals.net\/"},{"key":"7_CR18","unstructured":"React OS Project, \n                    \n                      http:\/\/www.reactos.org\/"},{"key":"7_CR19","unstructured":"The Volatility Framework, \n                    \n                      https:\/\/code.google.com\/p\/volatility\/"},{"key":"7_CR20","unstructured":"Themida, \n                    \n                      http:\/\/www.oreans.com\/themida.php"},{"key":"7_CR21","unstructured":"Microsoft: Intorduction to hotpatching, http:\/\/technet.microsoft.com\/en-us\/library\/cc781109(v=ws.10).aspx"},{"key":"7_CR22","unstructured":"Ermolinskiy, A., Katti, S., Shenker, S., Fowler, L.L., McCauley, M.: Towards Practical Taint Tracking. Technical Report UCB\/EECS-2010-92, EECS Department, University of California, Berkeley (2010)"},{"key":"7_CR23","unstructured":"Joe Security LLC: Joebox sandbox, \n                    \n                      http:\/\/www.joesecurity.org\/"},{"key":"7_CR24","unstructured":"Vasudevan, A., Yerraballi, R.: Stealth Breakpoints. In: Proceedings of the 21st Annual Computer Security Applications Conference, ACSAC 2005 (2005)"},{"key":"7_CR25","unstructured":"Anubis: Analyzing unknown binaries, \n                    \n                      http:\/\/anubis.iseclab.org\/"},{"key":"7_CR26","unstructured":"Norman Sandbox White Paper, \n                    \n                      http:\/\/download.norman.no\/whitepapers\/whitepaper_Norman_SandBox.pdf"},{"key":"7_CR27","unstructured":"Ferrie, P.: Attacks on Virtual Machine Emulators. In: Symantec Security Response (2006)"},{"key":"7_CR28","doi-asserted-by":"crossref","unstructured":"Kawakoya, Y., Iwamura, M., Itoh, M.: Memory Behavior-Based Automatic Malware Unpacking in Stealth Debugging Environment. In: Proceedings of 5th IEEE International Conference on Malicious and Unwanted Software (2010)","DOI":"10.1109\/MALWARE.2010.5665794"},{"key":"7_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/978-3-642-10772-6_13","volume-title":"Information Systems Security","author":"P. Chen","year":"2009","unstructured":"Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: DROP: Detecting Return-Oriented Programming Malicious Code. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol.\u00a05905, pp. 163\u2013177. Springer, Heidelberg (2009)"},{"key":"7_CR30","unstructured":"Kang, M.G., McCamant, S., Poosankam, P., Song, D.: DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium, NDSS 2011 (2011)"},{"key":"7_CR31","doi-asserted-by":"crossref","unstructured":"Slowinska, A., Bos, H.: Pointless Tainting?: Evaluating the Practicality of Pointer Tainting. In: Proceedings of the 4th ACM European Conference on Computer Systems, EuroSys 2009 (2009)","DOI":"10.1145\/1519065.1519073"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41284-4_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,23]],"date-time":"2019-05-23T18:49:52Z","timestamp":1558637392000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41284-4_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642412837","9783642412844"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41284-4_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}