{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:21:45Z","timestamp":1780633305650,"version":"3.54.1"},"reference-count":32,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2020,4,18]],"date-time":"2020-04-18T00:00:00Z","timestamp":1587168000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,4,18]],"date-time":"2020-04-18T00:00:00Z","timestamp":1587168000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","award":["2017R1D1A1B03029550"],"award-info":[{"award-number":["2017R1D1A1B03029550"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"published-print":{"date-parts":[[2021,1]]},"DOI":"10.1007\/s11227-020-03270-6","type":"journal-article","created":{"date-parts":[[2020,4,18]],"date-time":"2020-04-18T07:02:20Z","timestamp":1587193340000},"page":"471-497","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Hybrid emulation for bypassing anti-reversing techniques and analyzing malware"],"prefix":"10.1007","volume":"77","author":[{"given":"Seokwoo","family":"Choi","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Taejoo","family":"Chang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sung-woo","family":"Yoon","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7354-4434","authenticated-orcid":false,"given":"Yongsu","family":"Park","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2020,4,18]]},"reference":[{"key":"3270_CR1","unstructured":"Orleans Technology (2014) Themida: advanced windows software protection system. https:\/\/www.oreans.com\/themida.php. Accessed 19 Aug 2019"},{"key":"3270_CR2","unstructured":"Enigma Protector Developer (2019) The enigma protector: a professional system for licensing and protecting executable files for Windows. https:\/\/enigmaprotector.com\/en\/home.html. Accessed 19 Aug 2019"},{"key":"3270_CR3","unstructured":"Bellard F (2005) QEMU, a fast and portable dynamic translator. In: Proceedings of 2005 USENIX Annual Technical Conference"},{"key":"3270_CR4","unstructured":"Mishchenko D (2011) Introduction to VMware ESXi 4.1. In: Mishchenko D (ed) VMware ESXi: Planning, Implementation, Security, Course Technology, 1st edn, Course Technology, pp 1\u201323"},{"key":"3270_CR5","doi-asserted-by":"crossref","unstructured":"Luk C, Chon R, Muth R, Patil H, Klauser A, Lowney G, Wallace S, Raddi VJ, Hazelwood K (2005) Pin: building customized program analysis tools with dynamic instrumentation. In: Proceedings of the 2005 ACM SIGPLAN Conference on PLDI, pp 190\u2013200","DOI":"10.1145\/1065010.1065034"},{"key":"3270_CR6","unstructured":"Lawton KP (1996) A portable PC emulator for Unix\/X, Linux journal, vol 1996, Issue 29es"},{"key":"3270_CR7","unstructured":"Tully J (2008) Introduction to windows anti-debugging. https:\/\/www.codeproject.com\/Articles\/29469\/Introduction-Into-Windows-Anti-Debugging\/. Accessed 19 Aug 2019"},{"key":"3270_CR8","unstructured":"Ferrie P (2011) The ultimate anti-debugging reference. https:\/\/www.anti-reversing.com\/the-ultimate-anti-debugging-reference\/. Accessed 19 Aug 2019"},{"key":"3270_CR9","unstructured":"Tyler Shields T (2011) Anti-debugging\u2014a developers view, Veracode Inc, USA. https:\/\/www.secnews.pl\/wp-content\/uploads\/2011\/05\/whitepaper_antidebugging.pdf. Accessed 19 Aug 2019"},{"key":"3270_CR10","unstructured":"VMSoft (2018) VMProtect software: VMProtect virtualizes code, https:\/\/vmpsoft.com\/products\/vmprotect\/. Accessed 19 Aug 2019"},{"key":"3270_CR11","unstructured":"Garnett T (2003) Dynamic optimization of IA-32 application under DynamoRIO, Master\u2019s degree Thesis, MIT"},{"key":"3270_CR12","unstructured":"OllyAdvanced (2013) OllyAdvanced\u2014OllyDbg plugin for a number of advancements and anti-debug features. https:\/\/www.aldeid.com\/wiki\/OllyDbg\/OllyAdvanced. Accessed 19 Aug 2019"},{"key":"3270_CR13","doi-asserted-by":"crossref","unstructured":"Shi H, Mirkovic J (2017) Hiding debuggers from malware with apate. In: Proceedings of the Symposium on Applied Computing, pp 1703\u20131710","DOI":"10.1145\/3019612.3019791"},{"key":"3270_CR14","doi-asserted-by":"crossref","unstructured":"Bardin S, David R, Marion JY (2017) Backward-bounded DSE: targeting infeasibility questions on obfuscated codes. In: Proceedings of 2017 IEEE Symposium on Security and Privacy, pp 633\u2013651","DOI":"10.1109\/SP.2017.36"},{"key":"3270_CR15","unstructured":"Blazytko T, Contag M, Aschermann M, Holz T (2017) Syntia: synthesizing the semantics of obfuscated code. In: Proceedings of USENIX Security Symposium 2017, pp 643\u2013659"},{"key":"3270_CR16","doi-asserted-by":"crossref","unstructured":"Chen P, Huygens C, Desmet L, Joosen W (2016) Advanced or not? A comparative study of the use of anti-debugging and anti-VM techniques in generic and targeted malware. In: Proceedings of IFIP International Conference on ICT Systems Security and Privacy Protection, IFIPAICT, vol 471, pp 323\u2013336","DOI":"10.1007\/978-3-319-33630-5_22"},{"key":"3270_CR17","doi-asserted-by":"crossref","unstructured":"Kirsch J, Zhechev Z, Bierbaumer B, Kittel T (2018) PwIN \u2013 Pwning Intel piN: why DBI is unsuitable for security applications. In: Proceedings of ESORICS \u201918, LNCS, vol 11098, pp 363\u2013392","DOI":"10.1007\/978-3-319-99073-6_18"},{"key":"3270_CR18","doi-asserted-by":"crossref","unstructured":"Barham P, Dragovic B, Fraser K, Hand S, Harris T, Ho A, Neugebauer R, Pratt I, Warfield A (2003) Xen and the art of virtualization. In: Proceedings of SOSP\u201903, pp 164\u2013177","DOI":"10.1145\/945445.945462"},{"issue":"Supplement","key":"3270_CR19","first-page":"S38","volume":"22","author":"C Miller","year":"2017","unstructured":"Miller C, Glendowne D, Cook H, Thomas D, Lanclos C, Pape P (2017) Insights gained from constructing a large-scale dynamic analysis platform. Digit Investig 22(Supplement):S38\u2013S56","journal-title":"Digit Investig"},{"key":"3270_CR20","doi-asserted-by":"crossref","unstructured":"Polino M, Continella A, Mariani S, D\u2019Alessio S, Fontana L, Gritti F, Zanero S (2017) Measuring and defeating anti-instrumentation-equipped malware. In: Proceedings of DIMVA\u20192017, vol 10327. LNCS, pp 73\u201396","DOI":"10.1007\/978-3-319-60876-1_4"},{"key":"3270_CR21","unstructured":"OllyDbg (2014) OllyDbg v1.10: 32-bit assembler level analyzing debugger for Microsoft Windows. https:\/\/www.ollydbg.de\/. Accessed 19 Aug 2019"},{"issue":"4","key":"3270_CR22","first-page":"887","volume":"35","author":"G-M Kim","year":"2019","unstructured":"Kim G-M, Park J, Jang Y-H, Park Y (2019) Efficient automatic original entry point detection. J Inf Sci Eng 35(4):887\u2013902","journal-title":"J Inf Sci Eng"},{"key":"3270_CR23","doi-asserted-by":"crossref","unstructured":"Nethercote N, Seward J (2007) Valgrind: a framework for heavyweight dynamic binary instrumentation. In: Proceedings of PLDI\u201907, pp 89\u2013100","DOI":"10.1145\/1250734.1250746"},{"key":"3270_CR24","unstructured":"Hunt G, Brubacher D (1999) Detours: binary interception of Win32 functions. In: Proceedings of the 3rd USENIX Windows NT Symposium"},{"key":"3270_CR25","doi-asserted-by":"crossref","unstructured":"Lim C, Ramli K (2014) Mal-ONE: a unified framework for fast and efficient malware detection. In: Proceedings of the 2nd International Conference on Technology, Informatics, Management, Engineering &Environment","DOI":"10.1109\/TIME-E.2014.7011581"},{"key":"3270_CR26","doi-asserted-by":"crossref","unstructured":"Yoshizaki K, Yamauchi T (2014) Malware detection method focusing on anti-debugging functions. In: Proceedings of the Second International Symposium on Computing and Networking (CANDAR), pp 563\u2013566","DOI":"10.1109\/CANDAR.2014.36"},{"key":"3270_CR27","doi-asserted-by":"crossref","unstructured":"Zeng J, Fu Y, Lin Z (2015) PEMU: a pin highly compatible out-of-VM dynamic binary instrumentation framework. In: Proceedings of the 11 ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments, pp 147\u2013160","DOI":"10.1145\/2731186.2731201"},{"key":"3270_CR28","doi-asserted-by":"crossref","unstructured":"Dunaev D, Charaf H, Lengyel L (2013) A method of machine code translation to intermediate representation. In: Proceedings of 2013 IEEE 4th International Conference on Cognitive Infocommunications (CogInfoCom)","DOI":"10.1109\/CogInfoCom.2013.6719206"},{"key":"3270_CR29","unstructured":"Hex-rays (2015) IDA Pro: multi-processor disassembler and debugger. https:\/\/www.hex-rays.com\/products\/ida\/index.shtml. Accessed 19 Aug 2019"},{"key":"3270_CR30","unstructured":"Solomon DA, Russinovich ME, Ionescu A (2009) Windows Internal, Fifth Edition, Microsoft Press"},{"key":"3270_CR31","doi-asserted-by":"crossref","unstructured":"Kang MG, Poosankam P, Yin H (2007) Renovo: a hidden code extractor for packed executables. In: Proceedings of WORM\u201907, Alexandria, Virginia, USA, 2007, pp 46\u201354","DOI":"10.1145\/1314389.1314399"},{"key":"3270_CR32","unstructured":"Safengine (2017) Safengine protector. https:\/\/www.safengine.com\/en-us\/. Accessed 19 Aug 2019"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-020-03270-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11227-020-03270-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-020-03270-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,17]],"date-time":"2021-04-17T23:26:23Z","timestamp":1618701983000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11227-020-03270-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4,18]]},"references-count":32,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,1]]}},"alternative-id":["3270"],"URL":"https:\/\/doi.org\/10.1007\/s11227-020-03270-6","relation":{},"ISSN":["0920-8542","1573-0484"],"issn-type":[{"value":"0920-8542","type":"print"},{"value":"1573-0484","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,4,18]]},"assertion":[{"value":"18 April 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}