{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T22:27:48Z","timestamp":1775255268744,"version":"3.50.1"},"reference-count":17,"publisher":"Springer Science and Business Media LLC","issue":"3-4","license":[{"start":{"date-parts":[[2019,12,1]],"date-time":"2019-12-01T00:00:00Z","timestamp":1575158400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,12,1]],"date-time":"2019-12-01T00:00:00Z","timestamp":1575158400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"name":"Equipment Advance Research Program","award":["JZX2017-0736\/Y178"],"award-info":[{"award-number":["JZX2017-0736\/Y178"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61602114"],"award-info":[{"award-number":["61602114"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Key R&D Plan Program of China","award":["2017YFB0801703"],"award-info":[{"award-number":["2017YFB0801703"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["CCF Trans. Netw."],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1007\/s42045-019-00024-8","type":"journal-article","created":{"date-parts":[[2019,12,5]],"date-time":"2019-12-05T10:02:32Z","timestamp":1575540152000},"page":"207-216","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["dptCry: an approach to decrypting ransomware WannaCry based on API hooking"],"prefix":"10.1007","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8642-4362","authenticated-orcid":false,"given":"Guang","family":"Cheng","sequence":"first","affiliation":[]},{"given":"Chunsheng","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Yongning","family":"Tang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,12,5]]},"reference":[{"key":"24_CR1","first-page":"50","volume":"4","author":"CERT Antiy","year":"2016","unstructured":"Antiy, C.E.R.T.: A brief history of ransomware. China Inf. Secur. 4, 50\u201358 (2016)","journal-title":"China Inf. Secur."},{"key":"24_CR3","unstructured":"Guinet, A.: A WannaCry flaw could help some victim get files back[EB\/OL]. https:\/\/www.wired.com\/2017\/05\/wannacry-flaw-help-windows-xp-victims-get-files-back\/ (2019)"},{"key":"24_CR4","volume-title":"Rootkits: Subverting the Windows kernel","author":"G Hoglund","year":"2006","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows kernel. Addison-Wesley Professional, Boston (2006)"},{"issue":"11","key":"24_CR6","first-page":"3239","volume":"33","author":"Cai Jianzhang","year":"2013","unstructured":"Jianzhang, Cai, Qiang, Wei, Yuefei, Zhu: Identification of encrypted function in malicious software. J. Comput. Appl. 33(11), 3239\u20133243 (2013)","journal-title":"J. Comput. Appl."},{"key":"24_CR7","first-page":"48","volume":"11","author":"L Kesheng","year":"2006","unstructured":"Kesheng, L., Zhongshou, W.: The analysis of API Hook central technique. Netw. Secur. Technol. Appl. 11, 48\u201350 (2006)","journal-title":"Netw. Secur. Technol. Appl."},{"key":"24_CR8","unstructured":"Kharraz, A., Arshad, S., Mulliner, C. et al.: UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. USENIX Security Symposium. 757-772 (2016)"},{"key":"24_CR9","doi-asserted-by":"crossref","unstructured":"Kolodenker, E., Koch, W., Stringhini, G. et al.: PayBreak: Defense against cryptographic ransomware. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 599-611 (2017)","DOI":"10.1145\/3052973.3053035"},{"key":"24_CR10","unstructured":"Kruegel, C.: Full system emulation: Achieving successful automated dynamic analysis of evasive malware. Proc. BlackHat USA Security Conference. (2014)"},{"key":"24_CR11","volume-title":"K-Tracer: A System for Extracting Kernel Malware Behavior","author":"A Lanzi","year":"2009","unstructured":"Lanzi, A., Sharif, M.I., Lee, W.: K-Tracer: A System for Extracting Kernel Malware Behavior. NDSS, San Diego (2009)"},{"key":"24_CR12","first-page":"41","volume":"21","author":"Shi Lei","year":"2016","unstructured":"Lei, Shi, Liang, Sun: Research on ransomware. Wirel. Internet Technol. 21, 41\u201342 (2016)","journal-title":"Wirel. Internet Technol."},{"issue":"2","key":"24_CR13","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/MSP.2007.48","volume":"5","author":"R Lyda","year":"2007","unstructured":"Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Secur. Priv. 5(2), 40\u201345 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"24_CR15","doi-asserted-by":"publisher","first-page":"225","DOI":"10.1007\/978-3-642-37832-4_21","volume-title":"Knowledge Engineering and Management","author":"Y Qiao","year":"2014","unstructured":"Qiao, Y., Yang, Y., He, J. et al.: CBM: free, automatic malware analysis framework using API call sequences. In: Sun, F., Li, T., Li, H. (eds.) Knowledge Engineering and Management, pp. 225\u2013236. Springer, Berlin, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-37832-4_21"},{"key":"24_CR18","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1016\/j.engappai.2016.12.016","volume":"59","author":"Z Salehi","year":"2017","unstructured":"Salehi, Z., Sami, A., Ghiasi, M.: MAAR: Robust features to detect malicious activity based on API calls, their arguments and return values. Eng. Appl. Artif. Intell. 59, 93\u2013102 (2017)","journal-title":"Eng. Appl. Artif. Intell."},{"key":"24_CR19","unstructured":"Shaid S.Z.M., Maarof, M.A.: In memory detection of windows API call hooking technique. Computer, Communications, and Control Technology (I4CT), 2015 International Conference on. IEEE, 2015, pp. 294-298 (2015)"},{"issue":"7","key":"24_CR20","first-page":"2548","volume":"32","author":"XL Su","year":"2011","unstructured":"Su, X.L., Yuan, D.: Research and implementation of two API-Hooking technologies based on Windows. Compur. Eng. Des. 32(7), 2548\u20132552 (2011)","journal-title":"Compur. Eng. Des."},{"key":"24_CR24","first-page":"19","volume":"3494","author":"X Wang","year":"2005","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. Eurocrypt 3494, 19\u201335 (2005)","journal-title":"Eurocrypt"},{"key":"24_CR25","doi-asserted-by":"crossref","unstructured":"Wright, W., Schroh, D., Proulx, P. et al.: The Sandbox for analysis: concepts and methods. Proceedings of the SIGCHI conference on Human Factors in computing systems. ACM, 801-810 (2006)","DOI":"10.1145\/1124772.1124890"}],"container-title":["CCF Transactions on Networking"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s42045-019-00024-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s42045-019-00024-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s42045-019-00024-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,4]],"date-time":"2020-12-04T01:47:29Z","timestamp":1607046449000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s42045-019-00024-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,12]]},"references-count":17,"journal-issue":{"issue":"3-4","published-print":{"date-parts":[[2019,12]]}},"alternative-id":["24"],"URL":"https:\/\/doi.org\/10.1007\/s42045-019-00024-8","relation":{},"ISSN":["2520-8462","2520-8470"],"issn-type":[{"value":"2520-8462","type":"print"},{"value":"2520-8470","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,12]]},"assertion":[{"value":"8 May 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 November 2019","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 December 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}