{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T14:18:02Z","timestamp":1766067482279,"version":"3.37.3"},"reference-count":19,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2022,1,13]],"date-time":"2022-01-13T00:00:00Z","timestamp":1642032000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,13]],"date-time":"2022-01-13T00:00:00Z","timestamp":1642032000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100002261","name":"xxx","doi-asserted-by":"publisher","award":["20-37-90042"],"award-info":[{"award-number":["20-37-90042"]}],"id":[{"id":"10.13039\/501100002261","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"published-print":{"date-parts":[[2022,9]]},"DOI":"10.1007\/s11416-021-00412-z","type":"journal-article","created":{"date-parts":[[2022,1,13]],"date-time":"2022-01-13T00:04:26Z","timestamp":1642032266000},"page":"231-241","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["An approach to dynamic malware analysis based on system and application code split"],"prefix":"10.1007","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9707-844X","authenticated-orcid":false,"given":"Anastasia","family":"Pereberina","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexey","family":"Kostyushko","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexander","family":"Tormasov","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,1,13]]},"reference":[{"issue":"2","key":"412_CR1","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1145\/2089125.2089126","volume":"44","author":"M Egele","year":"2012","unstructured":"Egele, M., Scholte, Th., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44(2), 6 (2012)","journal-title":"ACM Comput. Surv."},{"key":"412_CR2","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1007\/s11416-020-00371-x","volume":"17","author":"F Plumerault","year":"2021","unstructured":"Plumerault, F., David, B.: DBI, debuggers, VM: gotta catch them all. J. Comput. Virol. Hack Tech. 17, 105\u2013117 (2021). https:\/\/doi.org\/10.1007\/s11416-020-00371-x","journal-title":"J. Comput. Virol. Hack Tech."},{"key":"412_CR3","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/s11416-020-00347-x","volume":"16","author":"F Plumerault","year":"2020","unstructured":"Plumerault, F., David, B.: Exploiting flaws in Windbg: how to escape or fool debuggers from existing flaws. J. Comput. Virol. Hack Tech. 16, 173\u2013183 (2020). https:\/\/doi.org\/10.1007\/s11416-020-00347-x","journal-title":"J. Comput. Virol. Hack Tech."},{"key":"412_CR4","unstructured":"Hosseini, A.: Ten process injection techniques: a technical survey of common and trending process injection techniques. Endgame. https:\/\/www.elastic.co\/blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process (2017). Accessed 16 Nov 2021"},{"key":"412_CR5","unstructured":"Pietrek, M.: Peering inside the PE: a tour of the Win32 portable executable file format. Microsoft Syst. J. (1994)"},{"key":"412_CR6","unstructured":"Vectored Exception Handling. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/vectored-exception-handling (2021). Accessed 16 Nov 2021"},{"key":"412_CR7","unstructured":"Intel\u00ae 64 and IA-32 Architectures Software Developer\u2019s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D and 4. Intel. Vol. 1 3-15. https:\/\/www.intel.com\/content\/www\/us\/en\/develop\/download\/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4.html (2021). Accessed 16 Nov 2021"},{"key":"412_CR8","unstructured":"RtlAddFunctionTable function. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/winnt\/nf-winnt-rtladdfunctiontable (2021). Accessed 16 Nov 2021"},{"key":"412_CR9","unstructured":"PE Format. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/pe-format#the-pdata-section (2021). Accessed 16 Nov 2021"},{"key":"412_CR10","unstructured":"Shilon, O.: On API-MS-WIN-XXXXX.DLL, and other dependency walker glitches. https:\/\/ofekshilon.com\/2016\/03\/27\/on-api-ms-win-xxxxx-dll-and-other-dependency-walker-glitches (2016). Accessed 16 Nov 2021"},{"key":"412_CR11","unstructured":"Api set resolution. https:\/\/lucasg.github.io\/2017\/10\/15\/Api-set-resolution (2017). Accessed 16 Nov 2021"},{"key":"412_CR12","doi-asserted-by":"crossref","unstructured":"Ionescu, A.: Secrets of the Application Compatilibity Database (SDB)\u2014Part 3. http:\/\/www.alex-ionescu.com\/?p=41 (2007). Accessed 16 Nov 2021","DOI":"10.3917\/pp.016.0141"},{"key":"412_CR13","unstructured":"TLB Desynchronization (Split TLB). http:\/\/uninformed.org\/index.cgi?v=6&a=1&p=21 (2007). Accessed 16 Nov 2021"},{"key":"412_CR14","unstructured":"Intel\u00ae 64 and IA-32 Architectures Software Developer\u2019s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D and 4. Intel. Vol. 3A 4-31 (2021)"},{"key":"412_CR15","unstructured":"Intel\u00ae 64 and IA-32 Architectures Software Developer\u2019s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D and 4. Intel. Vol. 3A 5-30 (2021)"},{"key":"412_CR16","unstructured":"Control-flow Enforcement Technology Preview. Intel. Revision 2.0, Document Number: 334525-002 (2017)"},{"key":"412_CR17","unstructured":"Carlini, N., Wagner, D.: ROP is still dangerous: breaking modern defenses. In: Proceedings of the 23rd USENIX Conference on Security Symposium. https:\/\/dl.acm.org\/doi\/10.5555\/2671225.2671250 (2014). Accessed 16 Nov 2021"},{"key":"412_CR18","unstructured":"Ionescu, A.: The Linux kernel hidden inside Windows 10. BlackHat. https:\/\/github.com\/ionescu007\/lxss\/blob\/master\/The%20Linux%20kernel%20hidden%20inside%20windows%2010.pdf (2016). Accessed 16 Nov 2021"},{"key":"412_CR19","unstructured":"Pico Process Overview. Microsoft. https:\/\/docs.microsoft.com\/en-us\/archive\/blogs\/wsl\/pico-process-overview (2016). Accessed 16 Nov 2021"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-021-00412-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-021-00412-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-021-00412-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,22]],"date-time":"2023-01-22T19:52:29Z","timestamp":1674417149000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-021-00412-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,13]]},"references-count":19,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,9]]}},"alternative-id":["412"],"URL":"https:\/\/doi.org\/10.1007\/s11416-021-00412-z","relation":{},"ISSN":["2263-8733"],"issn-type":[{"type":"electronic","value":"2263-8733"}],"subject":[],"published":{"date-parts":[[2022,1,13]]},"assertion":[{"value":"29 June 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 November 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 January 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Not available.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Code availability"}}]}}