{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T12:11:08Z","timestamp":1771330268359,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T00:00:00Z","timestamp":1444608000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,10,12]]},"DOI":"10.1145\/2810103.2813665","type":"proceedings-article","created":{"date-parts":[[2015,10,6]],"date-time":"2015-10-06T15:22:12Z","timestamp":1444144932000},"page":"465-478","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":31,"title":["Certified PUP"],"prefix":"10.1145","author":[{"given":"Platon","family":"Kotzias","sequence":"first","affiliation":[{"name":"IMDEA Software Institute & Universidad Polit\u00e9cnica de Madrid, Madrid, Spain"}]},{"given":"Srdjan","family":"Matic","sequence":"additional","affiliation":[{"name":"Universita degli Studi di Milano, Milan, Italy"}]},{"given":"Richard","family":"Rivera","sequence":"additional","affiliation":[{"name":"IMDEA Software Institute & Universidad Polit\u00e9cnica de Madrid, Madrid, Spain"}]},{"given":"Juan","family":"Caballero","sequence":"additional","affiliation":[{"name":"IMDEA Software Institute, Madrid, Spain"}]}],"member":"320","published-online":{"date-parts":[[2015,10,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Allowing only signed application to run. https:\/\/technet.microsoft.com\/en-us\/library\/dd723683\\%28v=ws.10\\%29.aspx.  Allowing only signed application to run. 
https:\/\/technet.microsoft.com\/en-us\/library\/dd723683\\%28v=ws.10\\%29.aspx."},{"key":"e_1_3_2_1_2_1","unstructured":"Ca security council. https:\/\/casecurity.org\/.  Ca security council. https:\/\/casecurity.org\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Ca\/browser forum. https:\/\/cabforum.org\/.  Ca\/browser forum. https:\/\/cabforum.org\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Catalog files and digital signatures. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/ff537872\\%28v=vs.85\\%29.aspx.  Catalog files and digital signatures. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/ff537872\\%28v=vs.85\\%29.aspx."},{"key":"e_1_3_2_1_5_1","unstructured":"Ccss forum: Common computing security standards. http:\/\/www.ccssforum.org\/.  Ccss forum: Common computing security standards. http:\/\/www.ccssforum.org\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Cross-certificates for kernel mode code signing. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/dn170454\\%28v=vs.85\\%29.aspx.  Cross-certificates for kernel mode code signing. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/dn170454\\%28v=vs.85\\%29.aspx."},{"key":"e_1_3_2_1_7_1","unstructured":"Malsign Project. http:\/\/www.malsign.org\/.  Malsign Project. http:\/\/www.malsign.org\/."},{"key":"e_1_3_2_1_8_1","unstructured":"Malware Analysis Report - W64\/Regin Stage 1. https:\/\/www.f-secure.com\/documents\/996508\/1030745\/w64_regin_stage_1.pdf.  Malware Analysis Report - W64\/Regin Stage 1. https:\/\/www.f-secure.com\/documents\/996508\/1030745\/w64_regin_stage_1.pdf."},{"key":"e_1_3_2_1_9_1","unstructured":"Malwarebytes PUP Reconsideration Information. https:\/\/www.malwarebytes.org\/pup\/.  Malwarebytes PUP Reconsideration Information. https:\/\/www.malwarebytes.org\/pup\/."},{"key":"e_1_3_2_1_10_1","unstructured":"Practical windows code and driver signing. http:\/\/www.davidegrayson.com\/signing\/.  
Practical windows code and driver signing. http:\/\/www.davidegrayson.com\/signing\/."},{"key":"e_1_3_2_1_11_1","unstructured":"Signtool. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa387764\\%28v=vs.85\\%29.aspx.  Signtool. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa387764\\%28v=vs.85\\%29.aspx."},{"key":"e_1_3_2_1_12_1","unstructured":"Stuxnet Under the Microscope. http:\/\/www.eset.com\/us\/resources\/white-papers\/Stuxnet_Under_the_Microscope.pdf.  Stuxnet Under the Microscope. http:\/\/www.eset.com\/us\/resources\/white-papers\/Stuxnet_Under_the_Microscope.pdf."},{"key":"e_1_3_2_1_13_1","unstructured":"Unveiling Careto - The Masked APT. http:\/\/kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/vlpdfs\/unveilingthemask_v1.0.pdf.  Unveiling Careto - The Masked APT. http:\/\/kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/vlpdfs\/unveilingthemask_v1.0.pdf."},{"key":"e_1_3_2_1_14_1","unstructured":"Virusshare.com repository. http:\/\/virusshare.com\/.  Virusshare.com repository. http:\/\/virusshare.com\/."},{"key":"e_1_3_2_1_15_1","unstructured":"Virustotal- free online virus malware and url scanner. http:\/\/www.virustotal.com\/.  Virustotal- free online virus malware and url scanner. http:\/\/www.virustotal.com\/."},{"key":"e_1_3_2_1_16_1","unstructured":"Malwarebytes PUP Reconsideration Information April 2014. http:\/\/blogs.technet.com\/b\/mmpc\/archive\/2014\/04\/03\/adware-a-new-approach.aspx.  Malwarebytes PUP Reconsideration Information April 2014. 
http:\/\/blogs.technet.com\/b\/mmpc\/archive\/2014\/04\/03\/adware-a-new-approach.aspx."},{"key":"e_1_3_2_1_17_1","volume-title":"USENIX Conference on System Administration","author":"Apvrille A.","year":"2004"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/1776434.1776449"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2627393.2627397"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.15"},{"key":"e_1_3_2_1_21_1","volume-title":"Internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile. RFC 5280 (Proposed Standard)","author":"Cooper D.","year":"2008"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420992"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_3_2_1_25_1","volume-title":"REcon","author":"Glucksmann I.","year":"2012"},{"key":"e_1_3_2_1_26_1","volume-title":"Rfc 2459: Internet x. 509 public key infrastructure certificate and crl profile","author":"Housley R.","year":"1999"},{"key":"e_1_3_2_1_27_1","volume-title":"Pkcs7: Cryptographic message syntax version 1.5. RFC 2315 (Proposed Standard)","author":"Kaliski B.","year":"1998"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488388.2488448"},{"key":"e_1_3_2_1_29_1","volume-title":"November","author":"Labs M.","year":"2014"},{"key":"e_1_3_2_1_30_1","unstructured":"E. Law. Caveats for Authenticode Code Signing September 2014. http:\/\/blogs.msdn.com\/b\/ieinternals\/archive\/2014\/09\/04\/personalizing-installers-using-unauthenticated-data-inside-authenticode-signed-binaries.aspx.  E. Law. Caveats for Authenticode Code Signing September 2014. 
http:\/\/blogs.msdn.com\/b\/ieinternals\/archive\/2014\/09\/04\/personalizing-installers-using-unauthenticated-data-inside-authenticode-signed-binaries.aspx."},{"key":"e_1_3_2_1_31_1","volume-title":"Mar. 21","year":"2008"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08509-8_7"},{"key":"e_1_3_2_1_33_1","unstructured":"MSDN. Driver Signing Policy. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/ff548231.aspx.  MSDN. Driver Signing Policy. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/ff548231.aspx."},{"key":"e_1_3_2_1_34_1","unstructured":"MSDN. \"Stranger Danger\" - Introducing SmartScreen Application Reputation. http:\/\/blogs.msdn.com\/b\/ie\/archive\/2010\/10\/13\/stranger-danger-introducing-smartscreen-application-reputation.aspx.  MSDN. \"Stranger Danger\" - Introducing SmartScreen Application Reputation. http:\/\/blogs.msdn.com\/b\/ie\/archive\/2010\/10\/13\/stranger-danger-introducing-smartscreen-application-reputation.aspx."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-014-0248-7"},{"key":"e_1_3_2_1_36_1","volume-title":"April","year":"2014"},{"key":"e_1_3_2_1_37_1","volume-title":"May","author":"Niemala J.","year":"2010"},{"key":"e_1_3_2_1_38_1","volume-title":"June","author":"Santesson S.","year":"2013"},{"key":"e_1_3_2_1_39_1","unstructured":"D. Stevens. Playing with authenticode and md5 collisions 2009. http:\/\/blog.didierstevens.com\/2009\/01\/17\/playing-with-authenticode-and-md5-collisions\/.  D. Stevens. Playing with authenticode and md5 collisions 2009. 
http:\/\/blog.didierstevens.com\/2009\/01\/17\/playing-with-authenticode-and-md5-collisions\/."},{"key":"e_1_3_2_1_40_1","volume-title":"2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)","author":"Wicherski G.","year":"2009"},{"key":"e_1_3_2_1_41_1","volume-title":"Virus Bulletin Conference","author":"Wood M.","year":"2010"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966987"},{"key":"e_1_3_2_1_43_1","volume-title":"USENIX Workshop on Hot Topics in Security","author":"Wurster G.","year":"2007"}],"event":{"name":"CCS'15: The 22nd ACM Conference on Computer and Communications Security","location":"Denver Colorado USA","acronym":"CCS'15","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813665","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2810103.2813665","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:24Z","timestamp":1750225704000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813665"}},"subtitle":["Abuse in Authenticode Code Signing"],"short-title":[],"issued":{"date-parts":[[2015,10,12]]},"references-count":43,"alternative-id":["10.1145\/2810103.2813665","10.1145\/2810103"],"URL":"https:\/\/doi.org\/10.1145\/2810103.2813665","relation":{},"subject":[],"published":{"date-parts":[[2015,10,12]]},"assertion":[{"value":"2015-10-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}