{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T14:55:46Z","timestamp":1763477746018,"version":"3.37.3"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2022,12,15]],"date-time":"2022-12-15T00:00:00Z","timestamp":1671062400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,12,15]],"date-time":"2022-12-15T00:00:00Z","timestamp":1671062400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100001691","name":"KAKENHI","doi-asserted-by":"crossref","award":["17K00179 and 20K11741"],"award-info":[{"award-number":["17K00179 and 20K11741"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"DOI":"10.1007\/s11416-022-00457-8","type":"journal-article","created":{"date-parts":[[2022,12,15]],"date-time":"2022-12-15T19:02:46Z","timestamp":1671130966000},"page":"483-501","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Forced continuation of malware execution beyond exceptions"],"prefix":"10.1007","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9406-5037","authenticated-orcid":false,"given":"Yoshihiro","family":"Oyama","sequence":"first","affiliation":[]},{"given":"Hirotaka","family":"Kokubo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,12,15]]},"reference":[{"key":"457_CR1","doi-asserted-by":"crossref","unstructured":"Alsaleh, M.N., Wei, J., Al-Shaer, E., et\u00a0al.: gExtractor: Towards automated extraction of malware deception parameters. In: Proceedings of the 8th Software Security, Protection, and Reverse Engineering Workshop (2018)","DOI":"10.1145\/3289239.3289244"},{"key":"457_CR2","unstructured":"Avllazagaj, E., Zhu, Z., Bilge, L., et\u00a0al.: When malware changed its mind: an empirical study of variable program behaviors in the real world. In: Proceedings of the 30th USENIX Security Symposium, pp. 3487\u20133504 (2021)"},{"key":"457_CR3","unstructured":"Branco, R.R., Barbosa, G.N., Neto, P.D.: Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-VM technologies. Black Hat USA 2012 (2012)"},{"key":"457_CR4","unstructured":"Bremer, J.: Cuckoo sandbox and its recent developments. SECURE 2014 (2014)"},{"key":"457_CR5","unstructured":"Chailytko, A., Skuratovich, S.: Defeating sandbox evasion: How to increase successful emulation rate in your virtualized environment. In: Proceedings of the 26th Virus Bulletin Conference (2016)"},{"key":"457_CR6","doi-asserted-by":"crossref","unstructured":"Chen, P., Huygens, C., Desmet, L., et\u00a0al.: Advanced or not? A comparative study of the use of anti-debugging and anti-VM techniques in generic and targeted malware. In: Proceedings of the 31st IFIP International Conference on ICT Systems Security and Privacy Protection, pp 323\u2013336 (2016)","DOI":"10.1007\/978-3-319-33630-5_22"},{"key":"457_CR7","doi-asserted-by":"crossref","unstructured":"Cheng, B., Ming, J., Fu, J., et\u00a0al.: Towards paving the way for large-scale Windows malware analysis: Generic binary unpacking with orders-of-magnitude performance boost. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp 395\u2013411 (2018)","DOI":"10.1145\/3243734.3243771"},{"key":"457_CR8","doi-asserted-by":"publisher","first-page":"471","DOI":"10.1007\/s11227-020-03270-6","volume":"77","author":"S Choi","year":"2021","unstructured":"Choi, S., Chang, T., Yoon, S., et al.: Hybrid emulation for bypassing anti-reversing techniques and analyzing malware. J. Supercomput. 77, 471\u2013497 (2021)","journal-title":"J. Supercomput."},{"key":"457_CR9","unstructured":"Egele, M., Woo, M., Chapman, P., et\u00a0al.: Blanket execution: dynamic similarity testing for program binaries and components. In: Proceedings of the 23rd USENIX Security Symposium, pp 303\u2013317 (2014)"},{"key":"457_CR10","doi-asserted-by":"crossref","unstructured":"Galloro, N., Polino, M., Carminati, M., et\u00a0al.: A systematical and longitudinal study of evasive behaviors in windows malware. Comput. Secur. 113 (2022)","DOI":"10.1016\/j.cose.2021.102550"},{"key":"457_CR11","doi-asserted-by":"crossref","unstructured":"Gao, X., Mechtaev, S., Roychoudhury, A.: Crash-avoiding program repair. In: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 8\u201318 (2019)","DOI":"10.1145\/3293882.3330558"},{"key":"457_CR12","doi-asserted-by":"crossref","unstructured":"Gao, Q., Zhang, W., Tang, Y., et\u00a0al.: First-Aid: surviving and preventing memory management bugs during production runs. In: Proceedings of the 4th ACM European conference on Computer systems, pp. 159\u2013172 (2009)","DOI":"10.1145\/1519065.1519083"},{"key":"457_CR13","unstructured":"Guarnieri, C., Schloesser, M., Bremer, J.: Mo Malware Mo Problems - Cuckoo Sandbox to the rescue. Black Hat 2013 (2013)"},{"issue":"5","key":"457_CR14","first-page":"579","volume":"23","author":"M Hatada","year":"2015","unstructured":"Hatada, M., Akiyama, M., Matsuki, T., et al.: Empowering anti-malware research in Japan by sharing the MWS datasets. J. Inf. Process. 23(5), 579\u2013588 (2015)","journal-title":"J. Inf. Process."},{"key":"457_CR15","unstructured":"Igor, V. Popov GRASaumya, Debray, K.: Binary obfuscation using signals. In: Proceedings of the 16th USENIX Security Symposium, pp. 275\u2013290 (2007)"},{"key":"457_CR16","doi-asserted-by":"crossref","unstructured":"Lee, B., Kim, Y., Kim, J.: binOb+: a framework for potent and stealthy binary obfuscation. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 271\u2013281 (2010)","DOI":"10.1145\/1755688.1755722"},{"key":"457_CR17","doi-asserted-by":"crossref","unstructured":"Lin, H., Zhang, X., Yong, M., et\u00a0al.: Branch obfuscation using binary code side effects. In: Proceedings of the International Conference on Computer, Networks and Communication Engineering, pp. 152\u2013157 (2013)","DOI":"10.2991\/iccnce.2013.37"},{"key":"457_CR18","doi-asserted-by":"crossref","unstructured":"Long, F., Sidiroglou-Douskos, S., Rinard, M.: Automatic runtime error repair and containment via recovery shepherding. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 227\u2013238 (2014)","DOI":"10.1145\/2594291.2594337"},{"key":"457_CR19","unstructured":"Microsoft: Debugging Tools for Windows: Specific Exceptions (2021) https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/specific-exceptions. Last accessed 5 Jan 2022"},{"key":"457_CR20","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 231\u2013245 (2007)","DOI":"10.1109\/SP.2007.17"},{"key":"457_CR21","unstructured":"Rapid7 Blog: Fooling malware like a boss with Cuckoo Sandbox (2013) https:\/\/www.rapid7.com\/blog\/post\/2013\/04\/16\/fooling-malware-like-a-boss-with-cuckoo-sandbox\/"},{"key":"457_CR22","doi-asserted-by":"crossref","unstructured":"Oyama, Y.: How does malware use RDTSC? a study on operations executed by malware with CPU cycle measurement. In: Proceedings of the 16th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 197\u2013218 (2019)","DOI":"10.1007\/978-3-030-22038-9_10"},{"issue":"1","key":"457_CR23","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/s11416-017-0290-x","volume":"14","author":"Y Oyama","year":"2018","unstructured":"Oyama, Y.: Trends of anti-analysis operations of malwares observed in API call logs. J. Comput. Virol. Hack. Tech. 14(1), 69\u201385 (2018)","journal-title":"J. Comput. Virol. Hack. Tech."},{"key":"457_CR24","unstructured":"Peng, F., Deng, Z., Zhang, X., et\u00a0al.: X-Force: Force-executing binary programs for security applications. In: Proceedings of the 23rd USENIX Security Symposium, pp. 829\u2013844 (2014)"},{"key":"457_CR25","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/s11416-020-00347-x","volume":"16","author":"F Plumerault","year":"2020","unstructured":"Plumerault, F., David, B.: Exploiting flaws in Windbg: how to escape or fool debuggers from existing flaws. J. Comput. Virolo. Hack. Tech. 16, 173\u2013183 (2020)","journal-title":"J. Comput. Virolo. Hack. Tech."},{"key":"457_CR26","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1007\/s11416-020-00371-x","volume":"17","author":"F Plumerault","year":"2021","unstructured":"Plumerault, F., David, B.: DBI, debuggers, VM: gotta catch them all. J. Comput. Virol. Hack. Tech. 17, 105\u2013117 (2021)","journal-title":"J. Comput. Virol. Hack. Tech."},{"key":"457_CR27","doi-asserted-by":"crossref","unstructured":"Qin, F., Tucek, J., Zhou, Y., et\u00a0al.: Rx: Treating bugs as allergies\u2014a safe method to survive software failures. ACM Trans. Comput. Syst. 25(3) (2007)","DOI":"10.1145\/1275517.1275519"},{"key":"457_CR28","unstructured":"Rinard, M., Cadar, C., Dumitran, D., et\u00a0al.: Enhancing server availability and security through failure-oblivious computing. In: Proceedings of the 6th Symposium on Operating Systems Design and Implementation, pp. 303\u2013316 (2004)"},{"key":"457_CR29","doi-asserted-by":"crossref","unstructured":"Roundy, K.A., Miller, B.P.: Binary-code obfuscations in prevalent packer tools. ACM Comput. Surv. 46(1) (2013)","DOI":"10.1145\/2522968.2522972"},{"key":"457_CR30","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/s11416-013-0194-3","volume":"10","author":"T Tamboli","year":"2014","unstructured":"Tamboli, T., Austin, T.H., Stamp, M.: Metamorphic code generation from LLVM bytecode. J. Comput. Virol. Hack. Tech. 10, 177\u2013187 (2014)","journal-title":"J. Comput. Virol. Hack. Tech."},{"key":"457_CR31","doi-asserted-by":"crossref","unstructured":"Wilhelm, J., Chiueh, T.: A forced sampled execution approach to kernel rootkit identification. In: Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection, pp. 219\u2013235 (2007)","DOI":"10.1007\/978-3-540-74320-0_12"},{"key":"457_CR32","doi-asserted-by":"crossref","unstructured":"Xu, Z., Zhang, J., Gu, G., et\u00a0al.: GoldenEye: efficiently and effectively unveiling malware\u2019s targeted environment. In: Proceedings of the 17th International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 22\u201345 (2014)","DOI":"10.1007\/978-3-319-11379-1_2"},{"key":"457_CR33","doi-asserted-by":"crossref","unstructured":"Yadegari, B., Stephens, J., Debray, S.: Analysis of exception-based control transfers. In: Proceedings of the 7th ACM Conference on Data and Application Security and Privacy, pp. 205\u2013216 (2017)","DOI":"10.1145\/3029806.3029826"},{"key":"457_CR34","doi-asserted-by":"crossref","unstructured":"Yao, X., Pang, J., Zhang, Y., et\u00a0al.: A method and implementation of control flow obfuscation using SEH. In: Proceedings of the 2012 Fourth International Conference on Multimedia Information Networking and Security, pp. 336\u2013339 (2012)","DOI":"10.1109\/MINES.2012.25"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-022-00457-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-022-00457-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-022-00457-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,12]],"date-time":"2023-10-12T18:07:27Z","timestamp":1697134047000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-022-00457-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,15]]},"references-count":34,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,11]]}},"alternative-id":["457"],"URL":"https:\/\/doi.org\/10.1007\/s11416-022-00457-8","relation":{},"ISSN":["2263-8733"],"issn-type":[{"type":"electronic","value":"2263-8733"}],"subject":[],"published":{"date-parts":[[2022,12,15]]},"assertion":[{"value":"25 January 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 November 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 December 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}