{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,9]],"date-time":"2026-07-09T15:21:10Z","timestamp":1783610470507,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":85,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,10,15]],"date-time":"2018-10-15T00:00:00Z","timestamp":1539561600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100007297","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-16-1-2265,N00014-16-1-2912,N00014-17-1-2894"],"award-info":[{"award-number":["N00014-16-1-2265,N00014-16-1-2912,N00014-17-1-2894"]}],"id":[{"id":"10.13039\/100007297","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,10,15]]},"DOI":"10.1145\/3243734.3243827","type":"proceedings-article","created":{"date-parts":[[2018,10,16]],"date-time":"2018-10-16T12:56:36Z","timestamp":1539694596000},"page":"442-458","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":41,"title":["VMHunt"],"prefix":"10.1145","author":[{"given":"Dongpeng","family":"Xu","sequence":"first","affiliation":[{"name":"Pennsylvania State University, University Park, PA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jiang","family":"Ming","sequence":"additional","affiliation":[{"name":"University of Texas at Arlington, Arlington, TX, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yu","family":"Fu","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, University Park, PA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dinghao","family":"Wu","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, University Park, PA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2018,10,15]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2659651.2659670"},{"key":"e_1_3_2_2_2_1","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11)","author":"Avgerinos Thanassis","year":"2011"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991114"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241241"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2995306.2995312"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.67"},{"key":"e_1_3_2_2_7_1","volume-title":"Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P'17)","author":"Bardin S."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/362248.362270"},{"key":"e_1_3_2_2_9_1","volume-title":"Proceedings of the 26th USENIX Conference on Security Symposium (USENIX Security'17)","author":"Blazytko Tim","year":"2017"},{"key":"e_1_3_2_2_10_1","volume-title":"Proceedings of the 11th International Workshop on Satisfiability Modulo Theories (SMT'13)","author":"Blumenfeld Ian","year":"2013"},{"key":"e_1_3_2_2_11_1","volume-title":"Proceedings of the 23rd international conference on computer aided verification (CAV'11)","author":"Brumley David"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2689702.2689707"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"e_1_3_2_2_15_1","unstructured":"Christian Collberg. last reviewed 10\/01\/2017. The Tigress C Diversifier\/Obfuscator. http:\/\/tigress.cs.arizona.edu\/.  Christian Collberg. last reviewed 10\/01\/2017. The Tigress C Diversifier\/Obfuscator. http:\/\/tigress.cs.arizona.edu\/."},{"issue":"4","key":"e_1_3_2_2_16_1","first-page":"258","article-title":"Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection .Addison-Wesley Professional","volume":"4","author":"Collberg Christian","year":"2009","journal-title":"Chapter"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/268946.268962"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2011.15"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046739"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.43"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/858570.858575"},{"key":"e_1_3_2_2_22_1","volume-title":"Miasm: Reverse Engineering Framework. RECON.","author":"Desclaux Fabrice","year":"2017"},{"key":"e_1_3_2_2_23_1","unstructured":"Anthony Desnos. 2010. Dynamic Metamorphic (and opensource) Virtual Machines. Hack.lu.  Anthony Desnos. 2010. Dynamic Metamorphic (and opensource) Virtual Machines. Hack.lu."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/360825.360849"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/646666.699857"},{"key":"e_1_3_2_2_27_1","volume-title":"Proceedings of the 2007 International Conference in Computer Aided Verification (CAV'07)","author":"Ganesh Vijay"},{"key":"e_1_3_2_2_28_1","volume-title":"Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08)","author":"Godefroid Patrice","year":"2008"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-009-0126-4"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3098995"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_7"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2012.16"},{"key":"e_1_3_2_2_33_1","volume-title":"Proceedings of the 2003 USENIX Annual Technical Conference (ATC'03)","author":"King Samuel T."},{"key":"e_1_3_2_2_34_1","volume-title":"Proceedings of the 23rd USENIX Conference on Security Symposium (USENIX Security'14)","author":"Kirat Dhilung","year":"2014"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2016.0101"},{"key":"e_1_3_2_2_36_1","volume-title":"Dealing with Virtualization Obfuscators. CARO Workshop.","author":"Lau Boris","year":"2008"},{"key":"e_1_3_2_2_37_1","volume-title":"Proceedings of the 19th International Conference on Information and Communications Security (ICICS'17)","author":"Liang Mingyue","year":"2017"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065034"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3015135.3015143"},{"key":"e_1_3_2_2_40_1","volume-title":"Proceedings of the 26th USENIX Conference on Security Symposium (USENIX Security'17)","author":"Ming Jiang","year":"2017"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813617"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.98"},{"key":"e_1_3_2_2_44_1","unstructured":"Oreans Technologies. 2015. Protecting Better with Code Virtualizer. http:\/\/oreans.com\/codevirtualizer.php.  Oreans Technologies. 2015. Protecting Better with Code Virtualizer. http:\/\/oreans.com\/codevirtualizer.php."},{"key":"e_1_3_2_2_45_1","unstructured":"Oreans Technologies. last reviewed 10\/01\/2017 a. Code Virtualizer: Total obfuscation against reverse engineering. http:\/\/oreans.com\/codevirtualizer.php.  Oreans Technologies. last reviewed 10\/01\/2017 a. Code Virtualizer: Total obfuscation against reverse engineering. http:\/\/oreans.com\/codevirtualizer.php."},{"key":"e_1_3_2_2_46_1","unstructured":"Oreans Technologies. last reviewed 10\/01\/2017 b. Themida: Advanced Windows Software Protection System. https:\/\/www.oreans.com\/themida.php.  Oreans Technologies. last reviewed 10\/01\/2017 b. Themida: Advanced Windows Software Protection System. https:\/\/www.oreans.com\/themida.php."},{"key":"e_1_3_2_2_47_1","volume-title":"Parasitics: The Next Generation. Kaspersky Lab Technical Report.","author":"Phillips Joshua","year":"2009"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/277650.277743"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_4"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"crossref","volume-title":"Reverse Engineering of Malware Emulators","author":"Polychronakis Michalis","DOI":"10.1007\/978-1-4419-5906-5_849"},{"key":"e_1_3_2_2_51_1","volume-title":"Virtual Deobfuscator: Removing virtualization obfuscations from malware. Black Hat USA.","author":"Raber Jason","year":"2013"},{"key":"e_1_3_2_2_52_1","unstructured":"Ben Read and Jonathan Leathery. 2017. CVE-2017-0199 Used as Zero Day to Distribute FINSPY Espionage Malware and LATENTBOT Cyber Crime Malware. FireEye Threat Research Blog.  Ben Read and Jonathan Leathery. 2017. CVE-2017-0199 Used as Zero Day to Distribute FINSPY Espionage Malware and LATENTBOT Cyber Crime Malware. FireEye Threat Research Blog."},{"key":"e_1_3_2_2_53_1","unstructured":"ReWolf. last reviewed 10\/01\/2017. x86 Virtualizer. http:\/\/www.openrce.org\/blog\/view\/847\/x86_Virtualizer_-_source_code.  ReWolf. last reviewed 10\/01\/2017. x86 Virtualizer. http:\/\/www.openrce.org\/blog\/view\/847\/x86_Virtualizer_-_source_code."},{"key":"e_1_3_2_2_54_1","unstructured":"Thomas Roccia. 2017. Malware Packers Use Tricks to Avoid Analysis Detection. McAfee Blogs.  Thomas Roccia. 2017. Malware Packers Use Tricks to Avoid Analysis Detection. McAfee Blogs."},{"key":"e_1_3_2_2_55_1","volume-title":"Proceedings of the 3rd USENIX Workshop on Offensive Technologies (WOOT'09)","author":"Rolles Rolf","year":"2009"},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2522968.2522972"},{"key":"e_1_3_2_2_57_1","volume-title":"Symposium sur la s\u00e9 curit\u00e9 des technologies de l'information et des communications (SSTIC'17)","author":"Salwan Jonathan","year":"2017"},{"key":"e_1_3_2_2_58_1","volume-title":"Triton: A Dynamic Symbolic Execution Framework. In Symposium sur la s\u00e9 curit\u00e9 des technologies de l'information et des communications (SSTIC'15)","author":"Saudel Florent","year":"2015"},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.27"},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/1064979.1065001"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_2_62_1","unstructured":"Craig Smith. 2008. Creating Code Obfuscation Virtual Machines. RECON.  Craig Smith. 2008. Creating Code Obfuscation Virtual Machines. RECON."},{"key":"e_1_3_2_2_63_1","volume-title":"Virtual Machines: Versatile Platforms for Systems and Processes (The Morgan Kaufmann Series in Computer Architecture and Design)","author":"Smith Jim","year":"2005"},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_2_2_65_1","unstructured":"Aditya K Sood Richard J Enbody and Rohit Bansal. 2011. SpyEye malware infection framework. Virus Bulletin.  Aditya K Sood Richard J Enbody and Rohit Bansal. 2011. SpyEye malware infection framework. Virus Bulletin."},{"key":"e_1_3_2_2_66_1","unstructured":"StrongBit Technology. last reviewed 10\/01\/2017. EXECryptor: Bulletproof software protection. http:\/\/www.strongbit.com\/execryptor.asp.  StrongBit Technology. last reviewed 10\/01\/2017. EXECryptor: Bulletproof software protection. http:\/\/www.strongbit.com\/execryptor.asp."},{"key":"e_1_3_2_2_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.246"},{"key":"e_1_3_2_2_68_1","volume-title":"Proceedings of the 2016 USENIX Workshop on Advances in Security Education.","author":"Taylor Clark","year":"2016"},{"key":"e_1_3_2_2_69_1","unstructured":"The Enigma Protector. last reviewed 10\/01\/2017. Enigma Protector: A professional system for executable files licensing and protection. http:\/\/enigmaprotector.com\/.  The Enigma Protector. last reviewed 10\/01\/2017. Enigma Protector: A professional system for executable files licensing and protection. http:\/\/enigmaprotector.com\/."},{"key":"e_1_3_2_2_70_1","volume-title":"Devirtualizing FinSpy. POC","year":"2012"},{"key":"e_1_3_2_2_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.46"},{"key":"e_1_3_2_2_72_1","volume-title":"Proceedings of the 6th USENIX Workshop on Offensive Technologies (WOOT'12)","author":"Vanegue Julien","year":"2012"},{"key":"e_1_3_2_2_73_1","unstructured":"VMProtect Software. last reviewed 10\/01\/2017. VMProtect software protection. http:\/\/vmpsoft.com.  VMProtect Software. last reviewed 10\/01\/2017. VMProtect software protection. http:\/\/vmpsoft.com."},{"key":"e_1_3_2_2_74_1","volume-title":"Proceedings of International Conference on Dependable Systems and Networks (DSN'01)","author":"Wang C."},{"key":"e_1_3_2_2_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556464.2556468"},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/CIS.2013.107"},{"key":"e_1_3_2_2_77_1","volume-title":"Translingual Obfuscation. In Proceedings of the 1st IEEE European Symposium on Security and Privacy (Euro S&P'16)","author":"Wang Pei","year":"2016"},{"key":"e_1_3_2_2_78_1","volume-title":"CARO Workshop.","author":"Wang Zhenxiang Jim","year":"2010"},{"key":"e_1_3_2_2_79_1","unstructured":"Josh Watson. 2017. An extra bit of analysis for cLEMENCy. Trail of Bits Blog.  Josh Watson. 2017. An extra bit of analysis for cLEMENCy. Trail of Bits Blog."},{"key":"e_1_3_2_2_80_1","volume-title":"Proceedings of the 20th Information Security Conference(ISC'17)","author":"Xie Haijiang","year":"2017"},{"key":"e_1_3_2_2_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.56"},{"key":"e_1_3_2_2_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813663"},{"key":"e_1_3_2_2_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.47"},{"key":"e_1_3_2_2_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/2151024.2151053"},{"key":"e_1_3_2_2_85_1","volume-title":"Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC'07)","author":"Zhang Qinghua"},{"key":"e_1_3_2_2_86_1","doi-asserted-by":"publisher","DOI":"10.5555\/1784964.1784971"}],"event":{"name":"CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security","location":"Toronto Canada","acronym":"CCS '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243827","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243827","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243827","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:08:19Z","timestamp":1750212499000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243827"}},"subtitle":["A Verifiable Approach to Partially-Virtualized Binary Code Simplification"],"short-title":[],"issued":{"date-parts":[[2018,10,15]]},"references-count":85,"alternative-id":["10.1145\/3243734.3243827","10.1145\/3243734"],"URL":"https:\/\/doi.org\/10.1145\/3243734.3243827","relation":{},"subject":[],"published":{"date-parts":[[2018,10,15]]},"assertion":[{"value":"2018-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}