{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,9]],"date-time":"2026-07-09T15:18:33Z","timestamp":1783610313698,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2009,11,9]],"date-time":"2009-11-09T00:00:00Z","timestamp":1257724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2009,11,9]]},"DOI":"10.1145\/1655148.1655151","type":"proceedings-article","created":{"date-parts":[[2009,11,17]],"date-time":"2009-11-17T13:30:15Z","timestamp":1258464615000},"page":"11-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":56,"title":["Emulating emulation-resistant malware"],"prefix":"10.1145","author":[{"given":"Min Gyung","family":"Kang","sequence":"first","affiliation":[{"name":"Carnegie Mellon University \/ University of California, Berkeley, Berkeley, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Heng","family":"Yin","sequence":"additional","affiliation":[{"name":"Syracuse University \/ Unversity of California, Berkeley, Syracuse, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Steve","family":"Hanna","sequence":"additional","affiliation":[{"name":"Unversity of California, Berkeley, Berkeley, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Stephen","family":"McCamant","sequence":"additional","affiliation":[{"name":"Unversity of California, Berkeley, Berkeley, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[{"name":"Unversity of California, Berkeley, Berkeley, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2009,11,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"AMD Virtualization (AMD-V) Technology. http:\/\/www.amd.com\/us-en\/0 3715_15781_15785 00.html.  AMD Virtualization (AMD-V) Technology. http:\/\/www.amd.com\/us-en\/0 3715_15781_15785 00.html."},{"key":"e_1_3_2_1_2_1","unstructured":"Anubis. http:\/\/anubis.iseclab.org\/.  Anubis. http:\/\/anubis.iseclab.org\/."},{"key":"e_1_3_2_1_3_1","first-page":"180","volume-title":"15th EICAR Conference","author":"Bayer U.","year":"2006","unstructured":"U. Bayer , C. Kruegel , and E. Kirda . TTAnalyze: A tool for analyzing malware . In 15th EICAR Conference , pages 180 -- 192 , Hamburg, Germany , May 2006 . U. Bayer, C. Kruegel, and E. Kirda. TTAnalyze: A tool for analyzing malware. In 15th EICAR Conference, pages 180--192, Hamburg, Germany, May 2006."},{"key":"e_1_3_2_1_4_1","unstructured":"BitBlaze Online. https:\/\/aerie.cs.berkeley.edu\/.  BitBlaze Online. https:\/\/aerie.cs.berkeley.edu\/."},{"key":"e_1_3_2_1_5_1","unstructured":"The Bochs IA-32 Emulator Project. http:\/\/bochs.sourceforge.net.  The Bochs IA-32 Emulator Project. http:\/\/bochs.sourceforge.net."},{"key":"e_1_3_2_1_6_1","volume-title":"Pandora's Bochs: Automatic unpacking of malware. Diploma thesis","author":"B\u00f6hne L.","year":"2008","unstructured":"L. B\u00f6hne . Pandora's Bochs: Automatic unpacking of malware. Diploma thesis , RWTH Aachen University , Jan. 2008 . L. B\u00f6hne. Pandora's Bochs: Automatic unpacking of malware. Diploma thesis, RWTH Aachen University, Jan. 2008."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/EURMIC.1997.617339"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2003.12.001"},{"key":"e_1_3_2_1_10_1","first-page":"177","volume-title":"38th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)","author":"Chen X.","year":"2008","unstructured":"X. Chen , J. Andersen , Z. M. Mao , M. Bailey , and J. Nazario . Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware . In 38th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN) , pages 177 -- 186 , Anchorage, AK, USA , June 2008 . X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In 38th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pages 177--186, Anchorage, AK, USA, June 2008."},{"key":"e_1_3_2_1_11_1","volume-title":"13th USENIX Security Symposium","author":"Chow J.","year":"2004","unstructured":"J. Chow , B. Pfaff , T. Garfinkel , K. Christopher , and M. Rosenblum . Understanding data lifetime via whole system simulation . In 13th USENIX Security Symposium , San Diego, CA, USA , Aug. 2004 . J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In 13th USENIX Security Symposium, San Diego, CA, USA, Aug. 2004."},{"key":"e_1_3_2_1_12_1","unstructured":"CWSandbox. http:\/\/www.cwsandbox.org.  CWSandbox. http:\/\/www.cwsandbox.org."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_14_1","volume-title":"USENIX Annual Technical Conference","author":"Egele M.","year":"2007","unstructured":"M. Egele , C. Kruegel , E. Kirda , H. Yin , and D. Song . Dynamic spyware analysis . In USENIX Annual Technical Conference , June 2007 . M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song. Dynamic spyware analysis. In USENIX Annual Technical Conference, June 2007."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368506.1368518"},{"key":"e_1_3_2_1_16_1","volume-title":"11th Workshop on Hot Topics in Operating Systems (HotOS-XI)","author":"Garfinkel T.","year":"2007","unstructured":"T. Garfinkel , K. Adams , A. Warfield , and J. Franklin . Compatibility is not transparency: VMM detection myths and realities . In 11th Workshop on Hot Topics in Operating Systems (HotOS-XI) , San Diego, CA, USA , May 2007 . T. Garfinkel, K. Adams, A. Warfield, and J. Franklin. Compatibility is not transparency: VMM detection myths and realities. In 11th Workshop on Hot Topics in Operating Systems (HotOS-XI), San Diego, CA, USA, May 2007."},{"key":"e_1_3_2_1_17_1","unstructured":"Intel Virtualization Technology. http:\/\/www.intel.com\/technology\/itj\/2006\/v10i3\/1-hardware\/6-vt-x-vt-i-solutions.htm.  Intel Virtualization Technology. http:\/\/www.intel.com\/technology\/itj\/2006\/v10i3\/1-hardware\/6-vt-x-vt-i-solutions.htm."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314399"},{"key":"e_1_3_2_1_20_1","first-page":"295","volume-title":"In 12th USENIX Security Symposium","author":"Kennell R.","year":"2003","unstructured":"R. Kennell and L. H. Jamieson . Establishing the genuinity of remote computer systems . In In 12th USENIX Security Symposium , pages 295 -- 310 , Washington, DC, USA , Aug. 2003 . R. Kennell and L. H. Jamieson. Establishing the genuinity of remote computer systems. In In 12th USENIX Security Symposium, pages 295--310, Washington, DC, USA, Aug. 2003."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.38"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/91385.91449"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.15"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572303"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF01840446"},{"key":"e_1_3_2_1_27_1","unstructured":"Norman SandBox. http:\/\/www.norman.com\/microsites\/nsic\/en-us.  Norman SandBox. http:\/\/www.norman.com\/microsites\/nsic\/en-us."},{"key":"e_1_3_2_1_28_1","volume-title":"8th CanSecWest Applied Technical Security Conference","author":"Ormandy T.","year":"2007","unstructured":"T. Ormandy . An empirical study into the security exposure to hosts of hostile virtualized environments . In 8th CanSecWest Applied Technical Security Conference , Vancouver, BC, Canada , Apr. 2007 . T. Ormandy. An empirical study into the security exposure to hosts of hostile virtualized environments. In 8th CanSecWest Applied Technical Security Conference, Vancouver, BC, Canada, Apr. 2007."},{"key":"e_1_3_2_1_29_1","unstructured":"QEMU. http:\/\/fabrice.bellard.free.fr\/qemu\/.  QEMU. http:\/\/fabrice.bellard.free.fr\/qemu\/."},{"key":"e_1_3_2_1_30_1","first-page":"1","volume-title":"10th International Conference (ISC)","author":"Raffetseder T.","year":"2007","unstructured":"T. Raffetseder , C. Kr\u00fcgel , and E. Kirda . Detecting system emulators. In Information Security , 10th International Conference (ISC) , pages 1 -- 18 , Valpara\u00edso, Chile , Oct. 2007 . T. Raffetseder, C. Kr\u00fcgel, and E. Kirda. Detecting system emulators. In Information Security, 10th International Conference (ISC), pages 1--18, Valpara\u00edso, Chile, Oct. 2007."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251306.1251316"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.27"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519073"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2008.4690853"},{"issue":"3","key":"e_1_3_2_1_36_1","article-title":"A survey of program slicing techniques","volume":"3","author":"Tip F.","year":"1995","unstructured":"F. Tip . A survey of program slicing techniques . Journal of Programming Languages , 3 ( 3 ), 1995 . F. Tip. A survey of program slicing techniques. Journal of Programming Languages, 3(3), 1995.","journal-title":"Journal of Programming Languages"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"}],"event":{"name":"CCS '09: 16th ACM Conference on Computer and Communications Security 2009","location":"Chicago Illinois USA","acronym":"CCS '09","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 1st ACM workshop on Virtual machine security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1655148.1655151","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1655148.1655151","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:45:32Z","timestamp":1750250732000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1655148.1655151"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,11,9]]},"references-count":36,"alternative-id":["10.1145\/1655148.1655151","10.1145\/1655148"],"URL":"https:\/\/doi.org\/10.1145\/1655148.1655151","relation":{},"subject":[],"published":{"date-parts":[[2009,11,9]]},"assertion":[{"value":"2009-11-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}