{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,27]],"date-time":"2025-06-27T05:03:34Z","timestamp":1751000614808},"publisher-location":"Berlin, Heidelberg","reference-count":29,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642412837"},{"type":"electronic","value":"9783642412844"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41284-4_9","type":"book-chapter","created":{"date-parts":[[2013,10,22]],"date-time":"2013-10-22T17:35:11Z","timestamp":1382463311000},"page":"164-183","source":"Crossref","is-referenced-by-count":8,"title":["Deobfuscating Embedded Malware Using Probable-Plaintext Attacks"],"prefix":"10.1007","author":[{"given":"Christian","family":"Wressnegger","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Frank","family":"Boldewin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Konrad","family":"Rieck","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"unstructured":"Bencs\u00e1th, B., P\u00e9k, G., Felegyhazi, L.B., Duqu, M.: Analysis, detection, and lessons learned. In: European Workshop on System Security (EUROSEC) (2012)","key":"9_CR1"},{"issue":"1","key":"9_CR2","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1080\/0161-119191865795","volume":"15","author":"H.A. Bergen","year":"1991","unstructured":"Bergen, H.A., Caelli, W.J.: File security in WordPerfect 5.0. Cryptologia\u00a015(1), 57\u201366 (1991)","journal-title":"Cryptologia"},{"unstructured":"Boldewin, F.: OfficeMalScanner, http:\/\/www.reconstructer.org\/code.html","key":"9_CR3"},{"doi-asserted-by":"crossref","unstructured":"Calvet, J., Fernandez, J.M., Marion, J.Y.: Aligot: Cryptographic function identification in obfuscated binary programs. In: ACM Conference on Computer and Communications Security (CCS), pp. 169\u2013182 (2012)","key":"9_CR4","DOI":"10.1145\/2382196.2382217"},{"doi-asserted-by":"crossref","unstructured":"Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious JavaScript code. In: International World Wide Web Conference (WWW), pp. 281\u2013290 (2010)","key":"9_CR5","DOI":"10.1145\/1772690.1772720"},{"unstructured":"CrySyS Malware Intelligence Team: Miniduke: Indicators. Budapest University of Technology and Economics (February 2013)","key":"9_CR6"},{"doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: Malware analysis via hardware virtualization extensions. In: ACM Conference on Computer and Communications Security (CCS), pp. 51\u201362 (2008)","key":"9_CR7","DOI":"10.1145\/1455770.1455779"},{"unstructured":"Engelberth, M., Willems, C., Holz, T.: MalOffice: Detecting malicious documents with combined static and dynamic analysis. In: Virus Bulletin Conference (2009)","key":"9_CR8"},{"unstructured":"Friedman, W.: The index of coincidence and its applications in cryptology. Tech. rep., Riverbank Laboratories, Department of Ciphers (1922)","key":"9_CR9"},{"unstructured":"Friedman, W., Callimahos, L.: Military Cryptanalytics. Aegean Park Press (1985)","key":"9_CR10"},{"key":"9_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1007\/978-3-642-37300-8_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"G. Jacob","year":"2013","unstructured":"Jacob, G., Comparetti, P.M., Neugschwandtner, M., Kruegel, C., Vigna, G.: A static, packer-agnostic filter to detect similar malware samples. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol.\u00a07591, pp. 102\u2013122. Springer, Heidelberg (2013)"},{"unstructured":"Kasiski, F.W.: Die Geheimschriften und die Dechiffrir-Kunst. E. S. Mittler und Sohn (1863)","key":"9_CR12"},{"doi-asserted-by":"crossref","unstructured":"Laskov, P., \u0160rndi\u0107, N.: Static detection of malicious JavaScript-bearing PDF documents. In: Annual Computer Security Applications Conference (ACSAC), pp. 373\u2013382 (2011)","key":"9_CR13","DOI":"10.1145\/2076732.2076785"},{"doi-asserted-by":"crossref","unstructured":"Lewand, R.: Cryptological mathematics. Classroom Resource Materials, The Mathematical Association of America (2000)","key":"9_CR14","DOI":"10.1090\/clrm\/016"},{"key":"9_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-540-73614-1_14","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"W.J. Li","year":"2007","unstructured":"Li, W.J., Stolfo, S., Stavrou, A., Androulaki, E., Keromytis, A.D.: A study of malcode-bearing documents. In: H\u00e4mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol.\u00a04579, pp. 231\u2013250. Springer, Heidelberg (2007)"},{"unstructured":"Malware Tracker Ltd.: Cryptam, http:\/\/www.cryptam.com (visited June 2013)","key":"9_CR16"},{"doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodeorescu, M., Jha, S.: OmniUnpack: Fast, generic, and safe unpacking of malware. In: Annual Computer Security Applications Conference (ACSAC), pp. 431\u2013441 (2007)","key":"9_CR17","DOI":"10.1109\/ACSAC.2007.15"},{"doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: PolyUnpack: Automating the hidden-code extraction of unpack-executing malware. In: Annual Computer Security Applications Conference (ACSAC), pp. 289\u2013300 (2006)","key":"9_CR18","DOI":"10.1109\/ACSAC.2006.38"},{"unstructured":"Schneier, B.: Applied Cryptography. John Wiley and Sons (1996)","key":"9_CR19"},{"key":"9_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"204","DOI":"10.1007\/978-3-642-37300-8_12","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"T. Schreck","year":"2013","unstructured":"Schreck, T., Berger, S., G\u00f6bel, J.: BISSAM: Automatic vulnerability identification of office documents. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol.\u00a07591, pp. 204\u2013213. Springer, Heidelberg (2013)"},{"key":"9_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1007\/978-3-540-70542-0_5","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M.Z. Shafiq","year":"2008","unstructured":"Shafiq, M.Z., Khayam, S.A., Farooq, M.: Embedded malware detection using markov n-grams. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 88\u2013107. Springer, Heidelberg (2008)"},{"doi-asserted-by":"crossref","unstructured":"Sharif, M., Lanzi, A., Giffin, J., Lee, W.: Automatic reverse engineering of malware emulators. In: IEEE Symposium on Security and Privacy, pp. 94\u2013109 (2009)","key":"9_CR22","DOI":"10.1109\/SP.2009.27"},{"doi-asserted-by":"crossref","unstructured":"Smutz, C., Stavrou, A.: Malicious PDF detection using metadata and structural features. In: Annual Computer Security Applications Conference (ACSAC), pp. 239\u2013248 (2012)","key":"9_CR23","DOI":"10.1145\/2420950.2420987"},{"key":"9_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1007\/3-540-45473-X_10","volume-title":"Fast Software Encryption","author":"M. Stay","year":"2002","unstructured":"Stay, M.: ZIP attacks with reduced known plaintext. In: Matsui, M. (ed.) FSE 2001. LNCS, vol.\u00a02355, p. 125. Springer, Heidelberg (2002)"},{"issue":"1","key":"9_CR25","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MSP.2011.14","volume":"9","author":"D. Stevens","year":"2011","unstructured":"Stevens, D.: Malicious PDF documents explained. IEEE Security & Privacy\u00a09(1), 80\u201382 (2011)","journal-title":"IEEE Security & Privacy"},{"unstructured":"Stevens, D.: XORSearch, http:\/\/blog.didierstevens.com\/programs\/xorsearch\/ (visited June 2013)","key":"9_CR26"},{"key":"9_CR27","series-title":"Advances in Information Security","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-0-387-44599-1_11","volume-title":"Malware Detection","author":"S. Stolfo","year":"2007","unstructured":"Stolfo, S., Wang, K., Li, W.J.: Towards stealthy malware detection. In: Christodorescu, M., Jha, S., Maughan, D., Song, D., Wang, C. (eds.) Malware Detection. Advances in Information Security, vol.\u00a027, pp. 231\u2013249. Springer, US (2007)"},{"unstructured":"The Taidoor campaign: An in-depth analysis. Trend Micro Incorporated (2012)","key":"9_CR28"},{"unstructured":"\u0160rndi\u0107, N., Laskov, P.: Detection of malicious PDF files based on hierarchical document structure. In: Network and Distributed System Security Symposium (NDSS) (2013)","key":"9_CR29"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41284-4_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,8,6]],"date-time":"2020-08-06T10:01:53Z","timestamp":1596708113000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41284-4_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642412837","9783642412844"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41284-4_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}