{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T01:36:21Z","timestamp":1773192981592,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":106,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,10,15]],"date-time":"2018-10-15T00:00:00Z","timestamp":1539561600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Sichuan Province Research and Technology Supporting Plan"},{"name":"The University of Texas System STARs Program"},{"name":"The National Natural Science Foundation of China","award":["U1636107 61373168 61332019 and 61672394"],"award-info":[{"award-number":["U1636107 61373168 61332019 and 61672394"]}]},{"name":"The National Key R&D Program of China","award":["2017YF-B0802903"],"award-info":[{"award-number":["2017YF-B0802903"]}]},{"name":"The Natural Science Foundation of Hubei Province of China","award":["2017CFB307"],"award-info":[{"award-number":["2017CFB307"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,10,15]]},"DOI":"10.1145\/3243734.3243771","type":"proceedings-article","created":{"date-parts":[[2018,10,16]],"date-time":"2018-10-16T12:56:36Z","timestamp":1539694596000},"page":"395-411","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":45,"title":["Towards Paving the Way for Large-Scale Windows Malware Analysis"],"prefix":"10.1145","author":[{"given":"Binlin","family":"Cheng","sequence":"first","affiliation":[{"name":"Wuhan University & Hubei Normal University, Wuhan, China"}]},{"given":"Jiang","family":"Ming","sequence":"additional","affiliation":[{"name":"University of Texas at Arlington, Arlington, TX, 
USA"}]},{"given":"Jianmin","family":"Fu","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan , China"}]},{"given":"Guojun","family":"Peng","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}]},{"given":"Ting","family":"Chen","sequence":"additional","affiliation":[{"name":"University of Electronic Science and Technology of China, Chengdu, China"}]},{"given":"Xiaosong","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of Electronic Science and Technology of China, Chengdu, China"}]},{"given":"Jean-Yves","family":"Marion","sequence":"additional","affiliation":[{"name":"Universit\u00e9 de Lorraine, Nancy, France"}]}],"member":"320","published-online":{"date-parts":[[2018,10,15]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"Aguila. 2016. Scylla - x64\/x86 Imports Reconstruction. https:\/\/github.com\/ NtQuery\/Scylla. (2016).  Aguila. 2016. Scylla - x64\/x86 Imports Reconstruction. https:\/\/github.com\/ NtQuery\/Scylla. (2016)."},{"key":"e_1_3_2_2_2_1","article-title":"Hooking Windows API - Technics of hooking API functions on Windows","volume":"1","author":"Author Anonymous","year":"2004","unstructured":"Anonymous Author . 2004 . Hooking Windows API - Technics of hooking API functions on Windows . The CodeBreakers Journal 1 , 2 (2004). Anonymous Author. 2004. Hooking Windows API - Technics of hooking API functions on Windows. The CodeBreakers Journal 1, 2 (2004).","journal-title":"The CodeBreakers Journal"},{"key":"e_1_3_2_2_3_1","volume-title":"Aggressive, Packed Binary Programs. https:\/\/arxiv.org\/abs\/0905.4581.","author":"Bania Piotr","year":"2009","unstructured":"Piotr Bania . 2009. Generic Unpacking of Self-modifying , Aggressive, Packed Binary Programs. https:\/\/arxiv.org\/abs\/0905.4581. ( 2009 ). Piotr Bania. 2009. Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs. https:\/\/arxiv.org\/abs\/0905.4581. 
(2009)."},{"key":"e_1_3_2_2_4_1","volume-title":"Packer Detection for Multi-Layer Executables Using Entropy Analysis. Entropy 19, 3","author":"Bat-Erdene Munkhbayar","year":"2017","unstructured":"Munkhbayar Bat-Erdene , Taebeom Kim , Hyundo Park , and Heejo Lee . 2017. Packer Detection for Multi-Layer Executables Using Entropy Analysis. Entropy 19, 3 ( 2017 ). Munkhbayar Bat-Erdene, Taebeom Kim, Hyundo Park, and Heejo Lee. 2017. Packer Detection for Multi-Layer Executables Using Entropy Analysis. Entropy 19, 3 (2017)."},{"key":"e_1_3_2_2_5_1","volume-title":"Proceedings of the 16th Network and Distributed System Security Symposium (NDSS'09)","author":"Bayer Ulrich","year":"2009","unstructured":"Ulrich Bayer , Paolo Milani Comparetti , Clemens Hlauschek , Christopher Kruegel , and Engin Kirda . 2009 . Scalable, Behavior-Based Malware Clustering . In Proceedings of the 16th Network and Distributed System Security Symposium (NDSS'09) . Ulrich Bayer, Paolo Milani Comparetti, Clemens Hlauschek, Christopher Kruegel, and Engin Kirda. 2009. Scalable, Behavior-Based Malware Clustering. In Proceedings of the 16th Network and Distributed System Security Symposium (NDSS'09)."},{"key":"e_1_3_2_2_6_1","unstructured":"Henry Belot and Stephanie Borys. 2017. Ransomware attack still looms in Australia as Government warns WannaCry threat not over. http:\/\/www.abc.net.au\/news\/2017-05--15\/ransomware-attack-to-hit-victimsin- australia-government-says\/8526346. (May 16 2017).  Henry Belot and Stephanie Borys. 2017. Ransomware attack still looms in Australia as Government warns WannaCry threat not over. http:\/\/www.abc.net.au\/news\/2017-05--15\/ransomware-attack-to-hit-victimsin- australia-government-says\/8526346. (May 16 2017)."},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1972551.1972556"},{"key":"e_1_3_2_2_8_1","unstructured":"Lutz B\u00f6hne. 2008. Pandora's Bochs: Automatic unpacking of malware. University of Mannheim 6 (2008).  Lutz B\u00f6hne. 2008. 
Pandora's Bochs: Automatic unpacking of malware. University of Mannheim 6 (2008)."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813627"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_10"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3150376.3150378"},{"key":"e_1_3_2_2_12_1","volume-title":"Blackout: What really happened. Black Hat USA.","author":"Butler Jamie","year":"2007","unstructured":"Jamie Butler and Kris Kendal . 2007 . Blackout: What really happened. Black Hat USA. (2007). Jamie Butler and Kris Kendal. 2007. Blackout: What really happened. Black Hat USA. (2007)."},{"key":"e_1_3_2_2_13_1","volume-title":"Understanding Swizzor's Obfuscation Scheme. REcon","author":"Joan Calvet and Pierre-Marc Bureau","year":"2010","unstructured":"Joan Calvet and Pierre-Marc Bureau . 2010. Understanding Swizzor's Obfuscation Scheme. REcon 2010 . (2010). Joan Calvet and Pierre-Marc Bureau. 2010. Understanding Swizzor's Obfuscation Scheme. REcon 2010. (2010)."},{"key":"e_1_3_2_2_14_1","volume-title":"Virus Bulletin Conference.","author":"Calvet Joan","year":"2015","unstructured":"Joan Calvet , Fanny Lalonde L\u00e9vesque , Jose M. Fernandez , Erwann Traourouder , Francois Menet , and Jean-Yves Marion . 2015 . WaveAtlas: surfing through the landscape of current malware packers . Virus Bulletin Conference. (2015). Joan Calvet, Fanny Lalonde L\u00e9vesque, Jose M. Fernandez, Erwann Traourouder, Francois Menet, and Jean-Yves Marion. 2015. WaveAtlas: surfing through the landscape of current malware packers. Virus Bulletin Conference. (2015)."},{"key":"e_1_3_2_2_15_1","unstructured":"Cisco. 2017. Cisco 2017 Midyear Cybersecurity Report. https:\/\/www.cisco.com\/ c\/m\/en_au\/products\/security\/offers\/annual-cybersecurity-report-2017.html. (2017).  Cisco. 2017. Cisco 2017 Midyear Cybersecurity Report. 
https:\/\/www.cisco.com\/ c\/m\/en_au\/products\/security\/offers\/annual-cybersecurity-report-2017.html. (2017)."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00054"},{"key":"e_1_3_2_2_17_1","unstructured":"DataRescue. 2005. Using the Universal PE Unpacker Plug-in included in IDA Pro 4.9 to unpack compressed executables. https:\/\/www.hex-rays.com\/products\/ida\/ support\/tutorials\/unpack_pe\/unpacking.pdf. (2005).  DataRescue. 2005. Using the Universal PE Unpacker Plug-in included in IDA Pro 4.9 to unpack compressed executables. https:\/\/www.hex-rays.com\/products\/ida\/ support\/tutorials\/unpack_pe\/unpacking.pdf. (2005)."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2010.22"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_2_20_1","volume-title":"Malcode Context of API Abuse","author":"Dunham Ken","year":"2011","unstructured":"Ken Dunham and Egan Hadsell . 2011. Malcode Context of API Abuse . SANS Institute InfoSec Reading Room . ( 2011 ). Ken Dunham and Egan Hadsell. 2011. Malcode Context of API Abuse. SANS Institute InfoSec Reading Room. (2011)."},{"key":"e_1_3_2_2_21_1","unstructured":"Peter Ferrie. 2008. Anti-unpacker tricks. Virus Bulletin. (2008).  Peter Ferrie. 2008. Anti-unpacker tricks. Virus Bulletin. (2008)."},{"key":"e_1_3_2_2_22_1","unstructured":"Stephen Fewer. 2013. Reflective DLL Injection. https:\/\/github.com\/stephenfewer\/ ReflectiveDLLInjection. (2013).  Stephen Fewer. 2013. Reflective DLL Injection. https:\/\/github.com\/stephenfewer\/ ReflectiveDLLInjection. (2013)."},{"key":"e_1_3_2_2_23_1","volume-title":"Proceedings of the 2004 GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA'04)","author":"Flake Halvar","year":"2004","unstructured":"Halvar Flake . 2004 . Structural comparison of executable objects .. 
In Proceedings of the 2004 GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA'04) . Halvar Flake. 2004. Structural comparison of executable objects.. In Proceedings of the 2004 GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA'04)."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2011.43"},{"key":"e_1_3_2_2_25_1","unstructured":"Gabriela Limon Garcia. 2007. Forensic physical memory analysis: an overview of tools and techniques. In TKK T-110.5290 Seminar on Network Security. 305--320.  Gabriela Limon Garcia. 2007. Forensic physical memory analysis: an overview of tools and techniques. In TKK T-110.5290 Seminar on Network Security. 305--320."},{"key":"e_1_3_2_2_26_1","volume-title":"Understanding, Denying and Detecting. arXiv CoRR abs\/1408.1136","author":"Gardiner Joseph","year":"2014","unstructured":"Joseph Gardiner , Marco Cova , and Shishir Nagaraja . 2014. Command & Control : Understanding, Denying and Detecting. arXiv CoRR abs\/1408.1136 ( 2014 ). http: \/\/arxiv.org\/abs\/1408.1136 Joseph Gardiner, Marco Cova, and Shishir Nagaraja. 2014. Command & Control: Understanding, Denying and Detecting. arXiv CoRR abs\/1408.1136 (2014). http: \/\/arxiv.org\/abs\/1408.1136"},{"key":"e_1_3_2_2_27_1","unstructured":"Emre G\u00fcler. 2017. Anti-Sandboxing Techniques in Cerber Ransomware. VMRay Blog. (2017).  Emre G\u00fcler. 2017. Anti-Sandboxing Techniques in Cerber Ransomware. VMRay Blog. (2017)."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_6"},{"key":"e_1_3_2_2_29_1","unstructured":"Irfan Ul Haq Sergio Chica Juan Caballero and Somesh Jha. 2017. Malware Lineage in the Wild. arXiv:1710.05202 {cs.CR}. (2017).  Irfan Ul Haq Sergio Chica Juan Caballero and Somesh Jha. 2017. Malware Lineage in the Wild. arXiv:1710.05202 {cs.CR}. (2017)."},{"key":"e_1_3_2_2_30_1","unstructured":"Ashkan Hosseini. 2017. 
Ten Process Injection Techniques: A Technical Survey of Common and Trending Process Injection Techniques. Endpoint Security Blog. (2017).  Ashkan Hosseini. 2017. Ten Process Injection Techniques: A Technical Survey of Common and Trending Process Injection Techniques. Endpoint Security Blog. (2017)."},{"key":"e_1_3_2_2_31_1","volume-title":"Proceedings of the 2013 USENIX Conference on Annual Technical Conference (USENIX ATC'13).","author":"Hu Xin","unstructured":"Xin Hu , Sandeep Bhatkar , Kent Griffin , and Kang G. Shin . 2013. MutantX-S: Scalable Malware Clustering Based on Static Features . In Proceedings of the 2013 USENIX Conference on Annual Technical Conference (USENIX ATC'13). Xin Hu, Sandeep Bhatkar, Kent Griffin, and Kang G. Shin. 2013. MutantX-S: Scalable Malware Clustering Based on Static Features. In Proceedings of the 2013 USENIX Conference on Annual Technical Conference (USENIX ATC'13)."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653736"},{"key":"e_1_3_2_2_33_1","volume-title":"3rd Usenix Windows NT Symposium.","author":"Hunt Galen","year":"1999","unstructured":"Galen Hunt and Doug Brubacher . 1999 . Detours: Binary interception of win32 functions . In 3rd Usenix Windows NT Symposium. Galen Hunt and Doug Brubacher. 1999. Detours: Binary interception of win32 functions. In 3rd Usenix Windows NT Symposium."},{"key":"e_1_3_2_2_34_1","unstructured":"Huorong Network. 2017. The Introduction to Huorong Anti-Virus Engine. http: \/\/www.huorong.cn\/doc\/introduce_engine.pdf. (2017).  Huorong Network. 2017. The Introduction to Huorong Anti-Virus Engine. http: \/\/www.huorong.cn\/doc\/introduce_engine.pdf. 
(2017)."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS.2016.28"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314399"},{"key":"e_1_3_2_2_37_1","volume-title":"Proceedings of the 5th International Conference on Malicious and Unwanted Software (MALWARE'10)","author":"Kawakoya Yuhei","year":"2010","unstructured":"Yuhei Kawakoya , Makoto Iwamura , and Mitsutaka Itoh . 2010 . Memory behaviorbased automatic malware unpacking in stealth debugging environment . In Proceedings of the 5th International Conference on Malicious and Unwanted Software (MALWARE'10) . Yuhei Kawakoya, Makoto Iwamura, and Mitsutaka Itoh. 2010. Memory behaviorbased automatic malware unpacking in stealth debugging environment. In Proceedings of the 5th International Conference on Malicious and Unwanted Software (MALWARE'10)."},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_7"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_10"},{"key":"e_1_3_2_2_40_1","volume-title":"An Empirical Evaluation of an Unpacking Method Implemented with Dynamic Binary Instrumentation. IEICE TRANSACTIONS on Information and Systems E94-D, 9","author":"Kim Hyung Chan","year":"2011","unstructured":"Hyung Chan Kim , Tatsunori ORII , Katsunari Yoshioka , Daisuke Inoue , Jungsuk Song , Masashi ETO , Junji Shikata , Tsutomu Matsumoto , and Koji Nakao . 2011. An Empirical Evaluation of an Unpacking Method Implemented with Dynamic Binary Instrumentation. IEICE TRANSACTIONS on Information and Systems E94-D, 9 ( 2011 ). Hyung Chan Kim, Tatsunori ORII, Katsunari Yoshioka, Daisuke Inoue, Jungsuk Song, Masashi ETO, Junji Shikata, Tsutomu Matsumoto, and Koji Nakao. 2011. An Empirical Evaluation of an Unpacking Method Implemented with Dynamic Binary Instrumentation. IEICE TRANSACTIONS on Information and Systems E94-D, 9 (2011)."},{"key":"e_1_3_2_2_41_1","unstructured":"Paul Kimayong. 2017. 
New Breed of Cerber Ransomware Employs Anti-Sandbox Armoring. https:\/\/www.cyphort.com\/new-breed-of-cerberransomware- employs-anti-sandbox-armoring. (2017).  Paul Kimayong. 2017. New Breed of Cerber Ransomware Employs Anti-Sandbox Armoring. https:\/\/www.cyphort.com\/new-breed-of-cerberransomware- employs-anti-sandbox-armoring. (2017)."},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813642"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053035"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2016.7888727"},{"key":"e_1_3_2_2_45_1","volume-title":"Proceedings of the 13th USENIX Security Symposium (USENIX Security'04)","author":"Kruegel C.","unstructured":"C. Kruegel , W. Robertson , F. Valeur , and G. Vigna . 2004. Static Disassembly of Obfuscated Binaries . In Proceedings of the 13th USENIX Security Symposium (USENIX Security'04) . C. Kruegel, W. Robertson, F. Valeur, and G. Vigna. 2004. Static Disassembly of Obfuscated Binaries. In Proceedings of the 13th USENIX Security Symposium (USENIX Security'04)."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1831708.1831722"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2011.108"},{"key":"e_1_3_2_2_48_1","unstructured":"John Leitch. 2011. Process Hollowing. https:\/\/www.autosectools.com\/Process- Hollowing.pdf. (2011).  John Leitch. 2011. Process Hollowing. https:\/\/www.autosectools.com\/Process- Hollowing.pdf. (2011)."},{"key":"e_1_3_2_2_49_1","volume-title":"Implementing your own generic unpacker. HITB Singapore","author":"Lenoir Julien","year":"2015","unstructured":"Julien Lenoir . 2015. Implementing your own generic unpacker. HITB Singapore 2015 . (2015). Julien Lenoir. 2015. Implementing your own generic unpacker. HITB Singapore 2015. 
(2015)."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2421001"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11145-7_19"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065034"},{"key":"e_1_3_2_2_53_1","volume-title":"Bypassing modern sandbox technologies. Master's thesis","author":"Lundsg\u00e5rd Gustav","unstructured":"Gustav Lundsg\u00e5rd and Victor Nedstr\u00f6m . 2016. Bypassing modern sandbox technologies. Master's thesis . Lund University . Gustav Lundsg\u00e5rd and Victor Nedstr\u00f6m. 2016. Bypassing modern sandbox technologies. Master's thesis. Lund University."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.48"},{"key":"e_1_3_2_2_55_1","unstructured":"Sebastiano Mariani Lorenzo Fontana Fabio Gritti and Stefano D'Alessio. 2016. PinDemonium: a DBI-based generic unpacker for Windows executables. Black Hat USA. (2016).  Sebastiano Mariani Lorenzo Fontana Fabio Gritti and Stefano D'Alessio. 2016. PinDemonium: a DBI-based generic unpacker for Windows executables. Black Hat USA. (2016)."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.15"},{"key":"e_1_3_2_2_57_1","unstructured":"Aldo Mazzeo. 2016. Custom LoadLibrary implementation. https:\/\/github.com\/ gbmaster\/loadLibrary. (2016).  Aldo Mazzeo. 2016. Custom LoadLibrary implementation. https:\/\/github.com\/ gbmaster\/loadLibrary. (2016)."},{"key":"e_1_3_2_2_58_1","unstructured":"Microsoft. last reviewed 05\/08\/2018. Linking Explicit. https:\/\/msdn.microsoft. com\/en-us\/library\/784bt7z7.aspx. (last reviewed 05\/08\/2018).  Microsoft. last reviewed 05\/08\/2018. Linking Explicit. https:\/\/msdn.microsoft. com\/en-us\/library\/784bt7z7.aspx. (last reviewed 05\/08\/2018)."},{"key":"e_1_3_2_2_59_1","unstructured":"Microsoft. last reviewed 05\/08\/2018. Linking Implicitly. https:\/\/msdn.microsoft. com\/en-us\/library\/d14wsce5.aspx\/. 
(last reviewed 05\/08\/2018).  Microsoft. last reviewed 05\/08\/2018. Linking Implicitly. https:\/\/msdn.microsoft. com\/en-us\/library\/d14wsce5.aspx\/. (last reviewed 05\/08\/2018)."},{"key":"e_1_3_2_2_60_1","unstructured":"Matt Miller. 2008. Using dual-mappings to evade automated unpackers. http: \/\/www.uninformed.org\/?v=10&a=1. (2008).  Matt Miller. 2008. Using dual-mappings to evade automated unpackers. http: \/\/www.uninformed.org\/?v=10&a=1. (2008)."},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.17"},{"key":"e_1_3_2_2_62_1","first-page":"1735","article-title":"Rethinking Software Component Security","volume":"59","author":"Min Byungho","year":"2016","unstructured":"Byungho Min and Vijay Varadharajan . 2016 . Rethinking Software Component Security : Software Component Level Integrity and Cross Verification. Comput. J. 59 , 11 (2016), 1735 -- 1748 . Byungho Min and Vijay Varadharajan. 2016. Rethinking Software Component Security: Software Component Level Integrity and Cross Verification. Comput. J. 59, 11 (2016), 1735--1748.","journal-title":"Software Component Level Integrity and Cross Verification. Comput. J."},{"key":"e_1_3_2_2_63_1","volume-title":"Proceedings of the 26th USENIX Conference on Security Symposium (USENIX Security'17)","author":"Ming Jiang","year":"2017","unstructured":"Jiang Ming , Dongpeng Xu , Yufei Jiang , and Dinghao Wu . 2017 . BinSim: Tracebased Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking . In Proceedings of the 26th USENIX Conference on Security Symposium (USENIX Security'17) . Jiang Ming, Dongpeng Xu, Yufei Jiang, and Dinghao Wu. 2017. BinSim: Tracebased Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking. In Proceedings of the 26th USENIX Conference on Security Symposium (USENIX Security'17)."},{"key":"e_1_3_2_2_64_1","volume-title":"Runtime Packer Testing Experiences. 
2nd International CARO Workshop.","author":"Morgenstern M.","year":"2008","unstructured":"M. Morgenstern and A. Marx . 2008 . Runtime Packer Testing Experiences. 2nd International CARO Workshop. ( 2008 ). M. Morgenstern and A. Marx. 2008. Runtime Packer Testing Experiences. 2nd International CARO Workshop. (2008)."},{"key":"e_1_3_2_2_65_1","volume-title":"4th International CARO Workshop.","author":"Morgenstern Maik","year":"2010","unstructured":"Maik Morgenstern and Hendrik Pilz . 2010 . Useful and useless statistics about viruses and anti-virus programs . 4th International CARO Workshop. (2010). Maik Morgenstern and Hendrik Pilz. 2010. Useful and useless statistics about viruses and anti-virus programs. 4th International CARO Workshop. (2010)."},{"key":"e_1_3_2_2_66_1","volume-title":"declares North Korea carried out massive WannaCry cyberattack. The Washington Post. (December 19","author":"Nakashima Ellen","year":"2017","unstructured":"Ellen Nakashima and Philip Rucker . 2017. U. S. declares North Korea carried out massive WannaCry cyberattack. The Washington Post. (December 19 2017 ). Ellen Nakashima and Philip Rucker. 2017. U.S. declares North Korea carried out massive WannaCry cyberattack. The Washington Post. (December 19 2017)."},{"key":"e_1_3_2_2_67_1","unstructured":"Lakshman Nataraj. 2013. Nearly 70% of Packed Windows System files are labeled as Malware. UCSB Sarvam Blog. (2013).  Lakshman Nataraj. 2013. Nearly 70% of Packed Windows System files are labeled as Malware. UCSB Sarvam Blog. (2013)."},{"key":"e_1_3_2_2_68_1","unstructured":"NO-MERCY. 2015. Top Maliciously Used APIs. https:\/\/rstforums.com\/forum\/ topic\/95273-top-maliciously-used-apis\/. (2015).  NO-MERCY. 2015. Top Maliciously Used APIs. https:\/\/rstforums.com\/forum\/ topic\/95273-top-maliciously-used-apis\/. 
(2015)."},{"key":"e_1_3_2_2_69_1","volume-title":"Proceedings of the 3rd USENIX Conference on Offensive Technologies (WOOT'09)","author":"Oberheide Jon","year":"2009","unstructured":"Jon Oberheide , Michael Bailey , and Farnam Jahanian . 2009 . PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion . In Proceedings of the 3rd USENIX Conference on Offensive Technologies (WOOT'09) . Jon Oberheide, Michael Bailey, and Farnam Jahanian. 2009. PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion. In Proceedings of the 3rd USENIX Conference on Offensive Technologies (WOOT'09)."},{"key":"e_1_3_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.98"},{"key":"e_1_3_2_2_71_1","volume-title":"Cuckoo Malware Analysis: Analyze malware using Cuckoo Sandbox","author":"Oktavianto Digit","unstructured":"Digit Oktavianto and Iqbal Muhardianto . 2013. Cuckoo Malware Analysis: Analyze malware using Cuckoo Sandbox . Packt Publishing Ltd . Digit Oktavianto and Iqbal Muhardianto. 2013. Cuckoo Malware Analysis: Analyze malware using Cuckoo Sandbox. Packt Publishing Ltd."},{"key":"e_1_3_2_2_72_1","unstructured":"Oreans Technologies. last reviewed 05\/08\/2018. Themida: Advanced Windows Software Protection System. https:\/\/www.oreans.com\/themida.php. (last reviewed 05\/08\/2018).  Oreans Technologies. last reviewed 05\/08\/2018. Themida: Advanced Windows Software Protection System. https:\/\/www.oreans.com\/themida.php. (last reviewed 05\/08\/2018)."},{"key":"e_1_3_2_2_73_1","volume-title":"Annual Report","author":"Security Panda","year":"2017","unstructured":"Panda Security . 2017. PandaLabs Annual Report 2017 . https:\/\/www.pandasecurity. com\/mediacenter\/src\/uploads\/2017\/11\/PandaLabs_Annual_Report_2017.pdf. (2017). Panda Security. 2017. PandaLabs Annual Report 2017. https:\/\/www.pandasecurity. com\/mediacenter\/src\/uploads\/2017\/11\/PandaLabs_Annual_Report_2017.pdf. 
(2017)."},{"key":"e_1_3_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2008.06.016"},{"key":"e_1_3_2_2_75_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2006.10.002"},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_4"},{"key":"e_1_3_2_2_77_1","volume-title":"Covert Debuging: Circumventing Software Armoring Techniques. Black Hat USA.","author":"Quist Danny","year":"2007","unstructured":"Danny Quist and Valsmith. 2007 . Covert Debuging: Circumventing Software Armoring Techniques. Black Hat USA. (2007). Danny Quist and Valsmith. 2007. Covert Debuging: Circumventing Software Armoring Techniques. Black Hat USA. (2007)."},{"key":"e_1_3_2_2_78_1","unstructured":"Jason Raber and Brian Krumheuer. 2009. QuietRIATT: Rebuilding the Import Address Table Using Hooked DLL Calls. Black Hat DC. (2009).  Jason Raber and Brian Krumheuer. 2009. QuietRIATT: Rebuilding the Import Address Table Using Hooked DLL Calls. Black Hat DC. (2009)."},{"key":"e_1_3_2_2_79_1","volume-title":"last reviewed, 05\/08\/2018","author":"Rival Max","year":"2018","unstructured":"Max Rival . last reviewed, 05\/08\/2018 . Dynamic-Link Library Hijacking . https: \/\/www.exploit-db.com\/docs\/31687.pdf. (last reviewed, 05\/08\/ 2018 ). Max Rival. last reviewed, 05\/08\/2018. Dynamic-Link Library Hijacking. https: \/\/www.exploit-db.com\/docs\/31687.pdf. (last reviewed, 05\/08\/2018)."},{"key":"e_1_3_2_2_80_1","volume-title":"Debugging Windows based applications using WinDbg. Miscrosoft Systems Journal","author":"Robbins J","year":"1999","unstructured":"J Robbins . 1999. Debugging Windows based applications using WinDbg. Miscrosoft Systems Journal ( 1999 ). J Robbins. 1999. Debugging Windows based applications using WinDbg. Miscrosoft Systems Journal (1999)."},{"key":"e_1_3_2_2_81_1","volume-title":"Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection (RAID'10)","author":"Kevin","unstructured":"Kevin A. 
Roundy and Barton P. Miller. 2010. Hybrid Analysis and Control of Malware . In Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection (RAID'10) . Kevin A. Roundy and Barton P. Miller. 2010. Hybrid Analysis and Control of Malware. In Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection (RAID'10)."},{"key":"e_1_3_2_2_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/2522968.2522972"},{"key":"e_1_3_2_2_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.38"},{"key":"e_1_3_2_2_84_1","volume-title":"Windows Internals","author":"Russinovich Mark E","unstructured":"Mark E Russinovich , David A Solomon , and Alex Ionescu . 2012. Windows Internals ( 6 th Edition). Microsoft Press . Mark E Russinovich, David A Solomon, and Alex Ionescu. 2012. Windows Internals (6th Edition). Microsoft Press.","edition":"6"},{"key":"e_1_3_2_2_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.27"},{"key":"e_1_3_2_2_86_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88313-5_31"},{"key":"e_1_3_2_2_87_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_14"},{"key":"e_1_3_2_2_88_1","unstructured":"Michael Sikorski and Andrew Honig. 2012. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press.   Michael Sikorski and Andrew Honig. 2012. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press."},{"key":"e_1_3_2_2_89_1","volume-title":"Writing JIT-spray shellcode for fun and profit","author":"Sintsov Alexey","year":"2010","unstructured":"Alexey Sintsov . 2010. Writing JIT-spray shellcode for fun and profit . Digital Security Research Group (DSecRG) . ( 2010 ). Alexey Sintsov. 2010. Writing JIT-spray shellcode for fun and profit. Digital Security Research Group (DSecRG). (2010)."},{"key":"e_1_3_2_2_90_1","volume-title":"Shadow Walker: Raising The Bar For Windows Rootkit Detection. 
Black Hat Japan.","author":"Sparks Sherri","year":"2005","unstructured":"Sherri Sparks and Jamie Butler . 2005 . Shadow Walker: Raising The Bar For Windows Rootkit Detection. Black Hat Japan. (2005). Sherri Sparks and Jamie Butler. 2005. Shadow Walker: Raising The Bar For Windows Rootkit Detection. Black Hat Japan. (2005)."},{"key":"e_1_3_2_2_91_1","unstructured":"Joe Stewart. 2007. Unpacking with OllyBonE. http:\/\/www.joestewart.org\/ ollybone\/. (2007).  Joe Stewart. 2007. Unpacking with OllyBonE. http:\/\/www.joestewart.org\/ ollybone\/. (2007)."},{"key":"e_1_3_2_2_92_1","doi-asserted-by":"publisher","DOI":"10.1007\/11780656_14"},{"key":"e_1_3_2_2_93_1","unstructured":"Gabor Szappanos. 2007. Exepacker blacklisting. Virus Bulletin. (2007).  Gabor Szappanos. 2007. Exepacker blacklisting. Virus Bulletin. (2007)."},{"key":"e_1_3_2_2_94_1","unstructured":"Brad Taylor. 2017. Extortion-based cyber attacks: The next evolution in profit-motivated attack strategies. https:\/\/www.helpnetsecurity.com\/2017\/11\/09\/ extortion-based-cyber-attacks\/. (2017).  Brad Taylor. 2017. Extortion-based cyber attacks: The next evolution in profit-motivated attack strategies. https:\/\/www.helpnetsecurity.com\/2017\/11\/09\/ extortion-based-cyber-attacks\/. (2017)."},{"key":"e_1_3_2_2_95_1","unstructured":"Check Point Research Team. 2017. May's Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations Globally. https:\/\/blog.checkpoint.com\/2017\/06\/20\/mays-wanted-malware-fireballwannacry- impact-1--4-organizations-globally. (2017).  Check Point Research Team. 2017. May's Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations Globally. https:\/\/blog.checkpoint.com\/2017\/06\/20\/mays-wanted-malware-fireballwannacry- impact-1--4-organizations-globally. (2017)."},{"key":"e_1_3_2_2_96_1","unstructured":"Check Point Research Team. 2018. 
March's Most Wanted Malware: Cryptomining Malware That Works Even Outside the Web Browser on the Rise. https:\/\/blog.checkpoint.com\/2018\/04\/13\/marchs-wanted-malwarecryptomining- malware-works-even-outside-web-browser-rise. (2018).  Check Point Research Team. 2018. March's Most Wanted Malware: Cryptomining Malware That Works Even Outside the Web Browser on the Rise. https:\/\/blog.checkpoint.com\/2018\/04\/13\/marchs-wanted-malwarecryptomining- malware-works-even-outside-web-browser-rise. (2018)."},{"key":"e_1_3_2_2_97_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.46"},{"key":"e_1_3_2_2_98_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_10"},{"key":"e_1_3_2_2_99_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC.2012.6181079"},{"key":"e_1_3_2_2_100_1","volume-title":"USENIX Enigma","author":"Vigna Giovanni","year":"2018","unstructured":"Giovanni Vigna and Davide Balzarotti . 2018. When Malware is Packing Heat . In USENIX Enigma 2018 . Giovanni Vigna and Davide Balzarotti. 2018. When Malware is Packing Heat. In USENIX Enigma 2018."},{"key":"e_1_3_2_2_101_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"e_1_3_2_2_102_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.47"},{"key":"e_1_3_2_2_103_1","doi-asserted-by":"publisher","DOI":"10.1145\/2151024.2151053"},{"key":"e_1_3_2_2_104_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.126"},{"key":"e_1_3_2_2_105_1","volume-title":"Captain Hook: Pirating AVS to Bypass Exploit Mitigations. Black Hat USA.","author":"Yavo Udi","year":"2016","unstructured":"Udi Yavo and Tomer Bitton . 2016 . Captain Hook: Pirating AVS to Bypass Exploit Mitigations. Black Hat USA. (2016). Udi Yavo and Tomer Bitton. 2016. Captain Hook: Pirating AVS to Bypass Exploit Mitigations. Black Hat USA. (2016)."},{"key":"e_1_3_2_2_106_1","unstructured":"Lenny Zeltser. 2017. The History of Fileless Malware -- Looking Beyond the Buzzword. 
https:\/\/zeltser.com\/fileless-malware-beyond-buzzword\/. (2017).  Lenny Zeltser. 2017. The History of Fileless Malware -- Looking Beyond the Buzzword. https:\/\/zeltser.com\/fileless-malware-beyond-buzzword\/. (2017)."}],"event":{"name":"CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security","location":"Toronto Canada","acronym":"CCS '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243771","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243771","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:08:18Z","timestamp":1750212498000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243771"}},"subtitle":["Generic Binary Unpacking with Orders-of-Magnitude Performance Boost"],"short-title":[],"issued":{"date-parts":[[2018,10,15]]},"references-count":106,"alternative-id":["10.1145\/3243734.3243771","10.1145\/3243734"],"URL":"https:\/\/doi.org\/10.1145\/3243734.3243771","relation":{},"subject":[],"published":{"date-parts":[[2018,10,15]]},"assertion":[{"value":"2018-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}