{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,27]],"date-time":"2025-08-27T15:44:09Z","timestamp":1756309449578,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,12,9]],"date-time":"2014-12-09T00:00:00Z","timestamp":1418083200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1017305,1117369"],"award-info":[{"award-number":["1017305,1117369"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,12,9]]},"DOI":"10.1145\/2689702.2689703","type":"proceedings-article","created":{"date-parts":[[2015,1,7]],"date-time":"2015-01-07T14:36:23Z","timestamp":1420641383000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Mixed-Mode Malware and Its Analysis"],"prefix":"10.1145","author":[{"given":"Shabnam","family":"Aboughadareh","sequence":"first","affiliation":[{"name":"University of Texas at Arlington, Arlington, TX 76019, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christoph","family":"Csallner","sequence":"additional","affiliation":[{"name":"University of Texas at Arlington, Arlington, TX 76019, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mehdi","family":"Azarmi","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN 47907, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2014,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2010.39"},{"key":"e_1_3_2_1_2_1","volume-title":"Efficient detection of split personalities in malware","author":"Balzarotti D.","year":"2010","unstructured":"D. Balzarotti , M. Cova , C. Karlberger , E. Kirda , C. Kr\u00fcgel , and G. Vigna . Efficient detection of split personalities in malware . In NDSS. The Internet Society , 2010 . D. Balzarotti, M. Cova, C. Karlberger, E. Kirda, C. Kr\u00fcgel, and G. Vigna. Efficient detection of split personalities in malware. In NDSS. The Internet Society, 2010."},{"key":"e_1_3_2_1_3_1","article-title":"A multihost, multitarget emulator","author":"Bartholomew D.","year":"2006","unstructured":"D. Bartholomew . QEMU : A multihost, multitarget emulator . Linux Journal, (145) , 2006 . D. Bartholomew. QEMU: A multihost, multitarget emulator. Linux Journal, (145), 2006.","journal-title":"Linux Journal, (145)"},{"key":"e_1_3_2_1_4_1","volume-title":"EICAR. EICAR","author":"Bayer U.","year":"2006","unstructured":"U. Bayer , C. Kr\u00fcgel , and E. Kirda . TTAnalyze: A tool for analyzing malware . In EICAR. EICAR , 2006 . U. Bayer, C. Kr\u00fcgel, and E. Kirda. TTAnalyze: A tool for analyzing malware. In EICAR. EICAR, 2006."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-006-0012-2"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653729"},{"key":"e_1_3_2_1_7_1","volume-title":"Pearson Education","author":"Chisnall D.","year":"2007","unstructured":"D. Chisnall . The definitive guide to the Xen hypervisor . Pearson Education , 2007 . D. Chisnall. The definitive guide to the Xen hypervisor. Pearson Education, 2007."},{"key":"e_1_3_2_1_8_1","article-title":"Online exposure","author":"Reports Consumer","year":"2011","unstructured":"Consumer Reports . Online exposure . Consumer Reports Magazine , June 2011 . Consumer Reports. Online exposure. Consumer Reports Magazine, June 2011.","journal-title":"Consumer Reports Magazine"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_11_1","volume-title":"Virus Bulletin. Virus Bulletin","author":"Florio E.","year":"2005","unstructured":"E. Florio . When malware meets rootkits . In Virus Bulletin. Virus Bulletin , 2005 . E. Florio. When malware meets rootkits. In Virus Bulletin. Virus Bulletin, 2005."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2505124"},{"key":"e_1_3_2_1_14_1","volume-title":"A virtual machine introspection based architecture for intrusion detection","author":"Garfinkel T.","year":"2003","unstructured":"T. Garfinkel and M. Rosenblum . A virtual machine introspection based architecture for intrusion detection . In NDSS. The Internet Society , 2003 . T. Garfinkel and M. Rosenblum. A virtual machine introspection based architecture for intrusion detection. In NDSS. The Internet Society, 2003."},{"key":"e_1_3_2_1_15_1","article-title":"Virtualization with KVM","author":"Habib I.","year":"2008","unstructured":"I. Habib . Virtualization with KVM . Linux Journal, (166) , 2008 . I. Habib. Virtualization with KVM. Linux Journal, (166), 2008.","journal-title":"Linux Journal, (166)"},{"key":"e_1_3_2_1_16_1","volume-title":"LEET. USENIX","author":"Holz T.","year":"2008","unstructured":"T. Holz , M. Steiner , F. Dahl , E. Biersack , and F. C. Freiling . Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm . In LEET. USENIX , 2008 . T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. C. Freiling. Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm. In LEET. USENIX, 2008."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5555\/1776434.1776450"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_19_1","volume-title":"Virus Bulletin Conference","author":"Kapoor A.","year":"2011","unstructured":"A. Kapoor and R. Mathur . Predicting the future of stealth attacks . In Virus Bulletin Conference , 2011 . A. Kapoor and R. Mathur. Predicting the future of stealth attacks. In Virus Bulletin Conference, 2011."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046740"},{"key":"e_1_3_2_1_21_1","volume-title":"K-tracer: A system for extracting kernel malware behavior","author":"Lanzi A.","year":"2009","unstructured":"A. Lanzi , M. Sharif , and W. Lee . K-tracer: A system for extracting kernel malware behavior . In NDSS. The Internet Society , 2009 . A. Lanzi, M. Sharif, and W. Lee. K-tracer: A system for extracting kernel malware behavior. In NDSS. The Internet Society, 2009."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/1884848.1884852"},{"key":"e_1_3_2_1_24_1","volume-title":"Black Hat Briefings USA","author":"Quynh N. A.","year":"2010","unstructured":"N. A. Quynh and K. Suzaki . Virt-ICE: Next-generation debugger for malware analysis . Black Hat Briefings USA , July 2010 . N. A. Quynh and K. Suzaki. Virt-ICE: Next-generation debugger for malware analysis. Black Hat Briefings USA, July 2010."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/1433006.1433008"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519072"},{"key":"e_1_3_2_1_27_1","volume-title":"Microsoft Windows Internals: Microsoft Windows Server","author":"Russinovich M. E.","year":"2003","unstructured":"M. E. Russinovich and D. A. Solomon . Microsoft Windows Internals: Microsoft Windows Server 2003 , Windows XP, and Windows 2000. Microsoft Press , fourth edition, 2005. M. E. Russinovich and D. A. Solomon. Microsoft Windows Internals: Microsoft Windows Server 2003, Windows XP, and Windows 2000. Microsoft Press, fourth edition, 2005."},{"key":"e_1_3_2_1_28_1","volume-title":"A programmer's cookbook","author":"Schreiber S. B.","year":"2001","unstructured":"S. B. Schreiber . Undocumented Windows 2000 secrets : A programmer's cookbook . Addison-Wesley , 2001 . S. B. Schreiber. Undocumented Windows 2000 secrets: A programmer's cookbook. Addison-Wesley, 2001."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653720"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2421012"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653728"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_16"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2151024.2151053"},{"key":"e_1_3_2_1_37_1","volume-title":"Hookfinder: Identifying and understanding malware hooking behaviors","author":"Yin H.","year":"2008","unstructured":"H. Yin , Z. Liang , and D. Song . Hookfinder: Identifying and understanding malware hooking behaviors . In NDSS. The Internet Society , 2008 . H. Yin, Z. Liang, and D. Song. Hookfinder: Identifying and understanding malware hooking behaviors. In NDSS. The Internet Society, 2008."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/1884848.1884850"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"}],"event":{"name":"PPREW-4: 4th Program Protection and Reverse Engineering Workshop","acronym":"PPREW-4","location":"New Orleans LA USA"},"container-title":["Proceedings of the 4th Program Protection and Reverse Engineering Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2689702.2689703","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2689702.2689703","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T18:55:46Z","timestamp":1750272946000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2689702.2689703"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,12,9]]},"references-count":39,"alternative-id":["10.1145\/2689702.2689703","10.1145\/2689702"],"URL":"https:\/\/doi.org\/10.1145\/2689702.2689703","relation":{},"subject":[],"published":{"date-parts":[[2014,12,9]]},"assertion":[{"value":"2014-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}