{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:57:32Z","timestamp":1772042252494,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,10,16]],"date-time":"2012-10-16T00:00:00Z","timestamp":1350345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,10,16]]},"DOI":"10.1145\/2382196.2382217","type":"proceedings-article","created":{"date-parts":[[2012,10,15]],"date-time":"2012-10-15T17:13:12Z","timestamp":1350321192000},"page":"169-182","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":59,"title":["Aligot"],"prefix":"10.1145","author":[{"given":"Joan","family":"Calvet","sequence":"first","affiliation":[{"name":"Universite de Lorraine, LORIA, Nancy, France"}]},{"given":"Jos\u00e9 M.","family":"Fernandez","sequence":"additional","affiliation":[{"name":"Ecole Polytechnique de Montreal, Montreal, Canada"}]},{"given":"Jean-Yves","family":"Marion","sequence":"additional","affiliation":[{"name":"Universite de Lorraine, LORIA, Nancy, France"}]}],"member":"320","published-online":{"date-parts":[[2012,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"AsProtect packer. http:\/\/www.aspack.com\/asprotect.html.  AsProtect packer. http:\/\/www.aspack.com\/asprotect.html."},{"key":"e_1_3_2_1_2_1","unstructured":"Polar SSL library Web site. http:\/\/polarssl.org.  Polar SSL library Web site. http:\/\/polarssl.org."},{"key":"e_1_3_2_1_3_1","volume-title":"Principles of Compiler Design","author":"Aho A.","year":"1977","unstructured":"A. Aho , J. Ullman , and S. Biswas . Principles of Compiler Design . Addison-Wesley , 1977 . A. Aho, J. Ullman, and S. Biswas. Principles of Compiler Design. Addison-Wesley, 1977."},{"key":"e_1_3_2_1_4_1","unstructured":"L. Auriemma. Signsrch tool. http:\/\/aluigi.altervista.org\/mytoolz.htm.  L. Auriemma. Signsrch tool. http:\/\/aluigi.altervista.org\/mytoolz.htm."},{"key":"e_1_3_2_1_5_1","unstructured":"F. Boldewin. Peacomm.c Cracking the nutshell. http:\/\/www.reconstructer.org\/papers\/Peacomm.C - Cracking the nutshell.zip.  F. Boldewin. Peacomm.c Cracking the nutshell. http:\/\/www.reconstructer.org\/papers\/Peacomm.C - Cracking the nutshell.zip."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653737"},{"key":"e_1_3_2_1_7_1","first-page":"88","volume-title":"4th Int. Conf. on Malicious and Unwanted Software (MALWARE)","author":"Calvet J.","year":"2009","unstructured":"J. Calvet , C. Davis , and P. Bureau . Malware authors don't learn, and that's good! In Proc . 4th Int. Conf. on Malicious and Unwanted Software (MALWARE) , pages 88 -- 97 . IEEE, 2009 . J. Calvet, C. Davis, and P. Bureau. Malware authors don't learn, and that's good! In Proc. 4th Int. Conf. on Malicious and Unwanted Software (MALWARE), pages 88--97. IEEE, 2009."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-662-04722-4","volume-title":"The design of Rijndael: AES--the advanced encryption standard","author":"Daemen J.","year":"2002","unstructured":"J. Daemen and V. Rijmen . The design of Rijndael: AES--the advanced encryption standard . Springer-Verlag , 2002 . J. Daemen and V. Rijmen. The design of Rijndael: AES--the advanced encryption standard. Springer-Verlag, 2002."},{"key":"e_1_3_2_1_9_1","volume-title":"Obfuscation. In Reverse Engineering Conference (REcon)","author":"Falli\u00e8re N.","year":"2010","unstructured":"N. Falli\u00e8re . Reversing Trojan .Mebroot's Obfuscation. In Reverse Engineering Conference (REcon) , 2010 . N. Falli\u00e8re. Reversing Trojan.Mebroot's Obfuscation. In Reverse Engineering Conference (REcon), 2010."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_3"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1506409.1506429"},{"key":"e_1_3_2_1_12_1","unstructured":"S. Henson et al. OpenSSL library. http:\/\/openssl.org.  S. Henson et al. OpenSSL library. http:\/\/openssl.org."},{"key":"e_1_3_2_1_13_1","volume-title":"Introduction to automata theory, languages, and computation","author":"Hopcroft J.","year":"2007","unstructured":"J. Hopcroft , R. Motwani , and J. Ullman . Introduction to automata theory, languages, and computation . Addison-Wesley , 2007 . J. Hopcroft, R. Motwani, and J. Ullman. Introduction to automata theory, languages, and computation. Addison-Wesley, 2007."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.1984.1676404"},{"key":"e_1_3_2_1_15_1","unstructured":"I. O. Levin. Draft crypto analyzer (draca). http:\/\/www.literatecode.com\/draca.  I. O. Levin. Draft crypto analyzer (draca). http:\/\/www.literatecode.com\/draca."},{"key":"e_1_3_2_1_16_1","volume-title":"PyCrypto - The python cryptography toolkit","author":"Litzenberger D.","year":"2011","unstructured":"D. Litzenberger . PyCrypto - The python cryptography toolkit , 2011 . D. Litzenberger. PyCrypto - The python cryptography toolkit, 2011."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1064978.1065034"},{"key":"e_1_3_2_1_18_1","volume-title":"ETH Z\u00fcrich","author":"Lutz N.","year":"2008","unstructured":"N. Lutz . Towards revealing attacker's intent by automatically decrypting network traffic. Master's thesis , ETH Z\u00fcrich , Switzerland , 2008 . N. Lutz. Towards revealing attacker's intent by automatically decrypting network traffic. Master's thesis, ETH Z\u00fcrich, Switzerland, 2008."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2009.06.002"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1090\/S0025-5718-1985-0777282-X"},{"key":"e_1_3_2_1_21_1","volume-title":"Proc. CARO Workshop","author":"Morgenstern M.","year":"2010","unstructured":"M. Morgenstern and H. Pilz . Useful and useless statistics about viruses and anti-virus programs . In Proc. CARO Workshop , 2010 . M. Morgenstern and H. Pilz. Useful and useless statistics about viruses and anti-virus programs. In Proc. CARO Workshop, 2010."},{"key":"e_1_3_2_1_22_1","unstructured":"L. O Murchu. Trojan.silentbanker decryption. http:\/\/www.symantec.com\/connect\/blogs\/trojansilentbanker-decryption.  L. O Murchu. Trojan.silentbanker decryption. http:\/\/www.symantec.com\/connect\/blogs\/trojansilentbanker-decryption."},{"key":"e_1_3_2_1_23_1","volume-title":"RFC 1321: The MD5 message-digest algorithm. Internet Activities Board, 143","author":"Rivest R.","year":"1992","unstructured":"R. Rivest . RFC 1321: The MD5 message-digest algorithm. Internet Activities Board, 143 , 1992 . R. Rivest. RFC 1321: The MD5 message-digest algorithm. Internet Activities Board, 143, 1992."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/359340.359342"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1002\/j.1538-7305.1949.tb00928.x"},{"key":"e_1_3_2_1_26_1","volume-title":"Black Hat Technical Security Conference","author":"Stewart N.","year":"2008","unstructured":"N. Stewart . Inside the storm: Protocols and encryption of the Storm botnet . In Black Hat Technical Security Conference , 2008 . N. Stewart. Inside the storm: Protocols and encryption of the Storm botnet. In Black Hat Technical Security Conference, 2008."},{"key":"e_1_3_2_1_27_1","volume-title":"CIO Digest: Strategies and Analysis from Symantec","author":"Trilling S.","year":"2008","unstructured":"S. Trilling . Project Green Bay - Calling a Blitz on Packers . In CIO Digest: Strategies and Analysis from Symantec , 2008 . S. Trilling. Project Green Bay - Calling a Blitz on Packers. In CIO Digest: Strategies and Analysis from Symantec, 2008."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/822079.822711"},{"key":"e_1_3_2_1_29_1","unstructured":"VeriSign. Silentbanker analysis. http:\/\/www.verisign.com\/static\/043671.pdf.  VeriSign. Silentbanker analysis. http:\/\/www.verisign.com\/static\/043671.pdf."},{"key":"e_1_3_2_1_30_1","unstructured":"Russian TEA assembly code. http:\/\/www.xakep.ru\/post\/22086\/default.asp.  Russian TEA assembly code. http:\/\/www.xakep.ru\/post\/22086\/default.asp."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/1813084.1813102"},{"key":"e_1_3_2_1_33_1","unstructured":"PEiD Krypto Analyzer (kanal). http:\/\/www.peid.info.  PEiD Krypto Analyzer (kanal). http:\/\/www.peid.info."},{"key":"e_1_3_2_1_34_1","unstructured":"RC4 source code. http:\/\/cypherpunks.venona.com\/date\/1994\/09\/msg00304.html.  RC4 source code. http:\/\/cypherpunks.venona.com\/date\/1994\/09\/msg00304.html."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","first-page":"363","DOI":"10.1007\/3-540-60590-8_29","volume-title":"Proc. Fast Software Encryption","author":"Wheeler D.","year":"1995","unstructured":"D. Wheeler and R. Needham . TEA, a tiny encryption algorithm . In Proc. Fast Software Encryption , pages 363 -- 366 . Springer , 1995 . D. Wheeler and R. Needham. TEA, a tiny encryption algorithm. In Proc. Fast Software Encryption, pages 363--366. Springer, 1995."},{"key":"e_1_3_2_1_36_1","unstructured":"V. Zakorzhevsky. A new version of Sality at large. http:\/\/www.securelist.com\/en\/blog\/180\/A_new_version_of_Sality_at_large.  V. Zakorzhevsky. A new version of Sality at large. http:\/\/www.securelist.com\/en\/blog\/180\/A_new_version_of_Sality_at_large."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.5555\/2051002.2051020"}],"event":{"name":"CCS'12: the ACM Conference on Computer and Communications Security","location":"Raleigh North Carolina USA","acronym":"CCS'12","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2012 ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382217","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2382196.2382217","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:34:42Z","timestamp":1750239282000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382217"}},"subtitle":["cryptographic function identification in obfuscated binary programs"],"short-title":[],"issued":{"date-parts":[[2012,10,16]]},"references-count":36,"alternative-id":["10.1145\/2382196.2382217","10.1145\/2382196"],"URL":"https:\/\/doi.org\/10.1145\/2382196.2382217","relation":{},"subject":[],"published":{"date-parts":[[2012,10,16]]},"assertion":[{"value":"2012-10-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}