{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T10:08:45Z","timestamp":1777543725561,"version":"3.51.4"},"reference-count":22,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Datenschutz Datensich"],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1007\/s11623-022-1604-9","type":"journal-article","created":{"date-parts":[[2022,5,11]],"date-time":"2022-05-11T11:05:15Z","timestamp":1652267115000},"page":"284-290","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Fighting Evasive Malware"],"prefix":"10.1007","volume":"46","author":[{"given":"Jan","family":"Gruber","sequence":"first","affiliation":[]},{"given":"Felix","family":"Freiling","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,5,11]]},"reference":[{"key":"1604_CR1","unstructured":"Balzarotti, D.; Cova, M.; Karlberger, C.; Kirda, E.; Kruegel, C.; Vigna, G.: Efficient Detection of Split Personalities in Malware. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2010, San Diego, California, USA, 28th February \u2013 3rd March 2010. The Internet Society, 2010, url: https:\/\/www.ndss-symposium.org\/ndss2010\/efficient-detectionsplit-personalities-malware."},{"key":"1604_CR2","doi-asserted-by":"crossref","unstructured":"Bulazel, A.; Yener, B.: A survey on automated dynamic malware analysis evasion and counter-evasion: Pc, mobile, and web. In: Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium. Pp. 1\u201321, 2017.","DOI":"10.1145\/3150376.3150378"},{"key":"1604_CR3","doi-asserted-by":"crossref","unstructured":"Chaffey, E.J.; Sgandurra, D.: Malware vs Anti-Malware Battle \u2013 Gotta Evade \u2019em All! In (Kohlhammer, J.; Angelini, M.; Bryan, C.; G\u00f3mez, R.R.; Prigent, N., eds.): 17th IEEE Symposium on Visualization for Cyber Security, VizSec 2020, Virtual Event, USA, October 28, 2020. IEEE, pp. 40\u201344, 2020, url: https:\/\/doi.org\/10.1109\/VizSec51108.2020.00012.","DOI":"10.1109\/VizSec51108.2020.00012"},{"key":"1604_CR4","unstructured":"Fois, Q.: Threat Actor \u201cCold River\u201d: Network Traffic Analysis and a Deep Dive on Agent Drable, tech. rep., Lastline Inc., Jan. 2019, url: https:\/\/www.lastline.com\/labsblog\/threat-actor-cold-river-networktraffic-analysis-and-a-deep-dive-on-agent-drable\/, visited on: 10\/28\/2021."},{"key":"1604_CR5","doi-asserted-by":"crossref","unstructured":"Gao, Y.; Lu, Z.; Luo, Y.: Survey on malware anti-analysis. In: Fifth International Conference on Intelligent Control and Information Processing. Pp. 270\u2013275, 2014.","DOI":"10.1109\/ICICIP.2014.7010353"},{"key":"1604_CR6","unstructured":"Haughom, J.; Ortolani, S.: Evolution of Excel 4.0 Macro Weaponization, tech. rep., Lastline Inc., 2020, url: https:\/\/www.lastline.com\/labsblog\/ evolution-of-excel-4-0-macro-weaponization\/, visited on: 11\/08\/2021."},{"key":"1604_CR7","unstructured":"Hund, R.: Pafish: How to Test your Sandbox Against Virtualization Detection, 2015, url: https:\/\/www.vmray.com\/cyber-security-blog\/a-pafishprimer\/, visited on: 12\/17\/2020."},{"key":"1604_CR8","doi-asserted-by":"crossref","unstructured":"Kovalev, S.G.: Reading the contents of deleted and modified files in the virtualization based black-box binary analysis system Drakvuf. In: Proceedings of ISP RAS. Vol. 30. 5, 2018.","DOI":"10.15514\/ISPRAS-2018-30(5)-7"},{"key":"1604_CR9","doi-asserted-by":"crossref","unstructured":"Lengyel, T.K.; Maresca, S.; Payne, B.D.; Webster, G.D.; Vogl, S.; Kiayias, A.: Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system. In (Jr., C.N.P.; Hahn, A.; Butler, K.R.B.; Sherr, M., eds.): Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, New Orleans, LA, USA, December 8-12, 2014. ACM, pp. 386\u2013395, 2014, url: https:\/\/doi.org\/10.1145\/2664243.2664252.","DOI":"10.1145\/2664243.2664252"},{"key":"1604_CR10","unstructured":"Lengyel, T.: Stealthy monitoring with Xen alt2pm, tech. rep., Xen Project, 2016, url: https:\/\/xenproject.org\/2016\/04\/13\/stealthy-monitoringwith-xen-altp2m\/, visited on: 10\/29\/2021."},{"key":"1604_CR11","unstructured":"Ligh, M.H.: MoVP 4.2 Taking Screenshots from Memory Dumps, tech. rep., The Volatility Foundation, 2012, url: https:\/\/volatilitylabs.blogspot.com\/2012\/10\/movp-43-taking-screenshots-frommemory.html, visited on: 10\/30\/2021."},{"key":"1604_CR12","unstructured":"Ligh, M.H.: What do Upclicker, Poison Ivy, Cuckoo, and Volatility Have in Common?, tech. rep., The Volatility Foundation, 2012, url: https:\/\/volatility-labs.blogspot.com\/2012\/12\/what-do-upclicker-poisonivy-cuckoo-and.html, visited on: 11\/07\/2021."},{"key":"1604_CR13","unstructured":"Leszczy\u0144ski, M.; Stopcza\u0144ski, K.: A new open-source hypervisor-level malware monitoring and extraction system \u2013 current state and further challenges. Virus Bulletin 12\/, 2020."},{"key":"1604_CR14","doi-asserted-by":"crossref","unstructured":"Melvin, A.A.R.; Kathrine, G.J.W.: A Quest for Best: A Detailed Comparison Between Drakvuf-VMI-Based and Cuckoo Sandbox-Based Technique for Dynamic Malware Analysis. In: Intelligence in Big Data Technologies\u2014Beyond the Hype. Springer, pp. 275\u2013290, 2021.","DOI":"10.1007\/978-981-15-5285-4_27"},{"key":"1604_CR15","doi-asserted-by":"crossref","unstructured":"Payne, B.D.: Simplifying virtual machine introspection using LibVMI.\/, 2012, url: https:\/\/www.osti.gov\/biblio\/1055635.","DOI":"10.2172\/1055635"},{"key":"1604_CR16","unstructured":"Rapid7: Fooling malware like a boss with Cuckoo Sandbox, tech. rep., Rapid7, 2013, url: https:\/\/www.rapid7.com\/blog\/post\/2013\/04\/16\/foolingmalware-like-a-boss-with-cuckoo-sandbox\/, visited on: 10\/29\/2021."},{"key":"1604_CR17","unstructured":"Russinovich, M.E.; Solomon, D.A.; Ionescu, A.: Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7. Microsoft Press, USA, 2012, isbn: 0735648735."},{"key":"1604_CR18","unstructured":"Singh, A.; Khalid, Y.: Don\u2019t Click the Left Mouse Button: Introducing Trojan UpClicker, tech. rep., Fireeye Inc., 2012, url: https:\/\/webcache.googleusercontent.com\/search?q=cache:NeVZ4J1Y-cQJ:https:\/\/www. fireeye.com\/blog\/threat-research\/2012\/12\/dont-click-the-leftmouse-button-trojan-upclicker.html+&cd=1&hl=en&ct=clnk&gl=de, visited on: 11\/07\/2021."},{"key":"1604_CR19","unstructured":"Vashisht, S.O.; Singh, A.: Turing Test in Reverse: New Sandbox-Evasion Techniques Seek Human Interaction, tech. rep., Fireeye Inc., 2014, url: https:\/\/www.fireeye.com\/blog\/threat-research\/2014\/06\/turingtest-in-reverse-new-sandbox-evasion-techniques-seek-humaninteraction.html, visited on: 10\/28\/2021."},{"key":"1604_CR20","doi-asserted-by":"crossref","unstructured":"Willems, C.; Holz, T.; Freiling, F.C.: Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Secur. Priv. 5\/2, pp. 32\u201339, 2007, url: https:\/\/doi.org\/10.1109\/MSP.2007.45.","DOI":"10.1109\/MSP.2007.45"},{"key":"1604_CR21","unstructured":"Willems, C.; Hund, R.; Holz, T.: CXPinspector: Hypervisor-based, hardwareassisted system monitoring. Ruhr-Universitat Bochum, Tech. Rep\/, p. 12, 2013."},{"key":"1604_CR22","doi-asserted-by":"crossref","unstructured":"Yokoyama, A.; Ishii, K.; Tanabe, R.; Papa, Y.; Yoshioka, K.; Matsumoto, T.; Kasama, T.; Inoue, D.; Brengel, M.; Backes, M.; Rossow, C.: SandPrint: Fingerprinting Malware Sandboxes to Provide Intelligence for Sandbox Evasion. In (Monrose, F.; Dacier, M.; Blanc, G.; Garc\u00eda-Alfaro, J., eds.): Research in Attacks, Intrusions, and Defenses \u2013 19th International Symposium, RAID 2016, Paris, France, September 19-21, 2016, Proceedings. Vol. 9854. Lecture Notes in Computer Science, Springer, pp. 165\u2013187, 2016, url: https:\/\/doi.org\/10.1007\/978-3-319-45719-2%5C_8.","DOI":"10.1007\/978-3-319-45719-2_8"}],"container-title":["Datenschutz und Datensicherheit - DuD"],"original-title":[],"language":"de","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-022-1604-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11623-022-1604-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-022-1604-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,11]],"date-time":"2022-05-11T11:26:41Z","timestamp":1652268401000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11623-022-1604-9"}},"subtitle":["How to Pass the Reverse Turing Test By Utilizing a VMI-Based Human Interaction\n  Simulator"],"short-title":[],"issued":{"date-parts":[[2022,5]]},"references-count":22,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2022,5]]}},"alternative-id":["1604"],"URL":"https:\/\/doi.org\/10.1007\/s11623-022-1604-9","relation":{},"ISSN":["1614-0702","1862-2607"],"issn-type":[{"value":"1614-0702","type":"print"},{"value":"1862-2607","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,5]]},"assertion":[{"value":"11 May 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}