{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:28:33Z","timestamp":1750220913508,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:00:00Z","timestamp":1575849600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["KAKENHI Grant Number JP17KT0081"],"award-info":[{"award-number":["KAKENHI Grant Number JP17KT0081"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,9]]},"DOI":"10.1145\/3359789.3359849","type":"proceedings-article","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T18:41:59Z","timestamp":1574448119000},"page":"466-477","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["My script engines know what you did in the dark"],"prefix":"10.1145","author":[{"given":"Toshinori","family":"Usui","sequence":"first","affiliation":[{"name":"The University of Tokyo"}]},{"given":"Yuto","family":"Otsuki","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Yuhei","family":"Kawakoya","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Makoto","family":"Iwamura","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Jun","family":"Miyoshi","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Kanta","family":"Matsuura","sequence":"additional","affiliation":[{"name":"The University of Tokyo"}]}],"member":"320","published-online":{"date-parts":[[2019,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. VirusTotal. https:\/\/www.virustotal.com\/. (accessed: 2017-03-09).  [n. d.]. VirusTotal. https:\/\/www.virustotal.com\/. (accessed: 2017-03-09)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420952"},{"key":"e_1_3_2_1_3_1","unstructured":"The Dependable Systems Lab at EPFL in Lausanne. [n. d.]. Chef. https:\/\/github.com\/S2E\/s2e-old\/tree\/chef. (accessed: 2018-01-01).  The Dependable Systems Lab at EPFL in Lausanne. [n. d.]. Chef. https:\/\/github.com\/S2E\/s2e-old\/tree\/chef. (accessed: 2018-01-01)."},{"key":"e_1_3_2_1_4_1","unstructured":"Rohitab Batra. [n. d.]. API Monitor. http:\/\/www.rohitab.com\/apimonitor. (accessed: 2019-02-15).  Rohitab Batra. [n. d.]. API Monitor. http:\/\/www.rohitab.com\/apimonitor. (accessed: 2019-02-15)."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2541940.2541977"},{"key":"e_1_3_2_1_6_1","unstructured":"CapacitorSet. [n. d.]. box.js. https:\/\/github.com\/CapacitorSet\/box-js. (accessed: 2019-02-15).  CapacitorSet. [n. d.]. box.js. https:\/\/github.com\/CapacitorSet\/box-js. (accessed: 2019-02-15)."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23483"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046739"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516697"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_11_1","unstructured":"Blake Hartstein. [n. d.]. jsunpack-n. https:\/\/github.com\/urule99\/jsunpack-n. (accessed: 2019-02-15).  Blake Hartstein. [n. d.]. jsunpack-n. https:\/\/github.com\/urule99\/jsunpack-n. (accessed: 2019-02-15)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243866"},{"key":"e_1_3_2_1_13_1","unstructured":"Timo Hirvonen. [n. d.]. Sulo. https:\/\/github.com\/F-Secure\/Sulo. (accessed: 2019-02-15).  Timo Hirvonen. [n. d.]. Sulo. https:\/\/github.com\/F-Secure\/Sulo. (accessed: 2019-02-15)."},{"key":"e_1_3_2_1_14_1","volume-title":"Dynamic Flash instrumentation for fun and profit. Blackhat USA briefings","author":"Hirvonen Timo","year":"2014","unstructured":"Timo Hirvonen . 2014. Dynamic Flash instrumentation for fun and profit. Blackhat USA briefings 2014 , https:\/\/www.blackhat.com\/docs\/us-14\/materials\/us-14-Hirvonen-Dynamic-Flash-Instrumentation-For-Fun-And-Profit.pdf. (accessed: 2019-02-15). Timo Hirvonen. 2014. Dynamic Flash instrumentation for fun and profit. Blackhat USA briefings 2014, https:\/\/www.blackhat.com\/docs\/us-14\/materials\/us-14-Hirvonen-Dynamic-Flash-Instrumentation-For-Fun-And-Profit.pdf. (accessed: 2019-02-15)."},{"key":"e_1_3_2_1_15_1","volume-title":"The beast within - Evading dynamic malware analysis using Microsoft COM. Blackhat USA briefings","author":"Hund Ralf","year":"2016","unstructured":"Ralf Hund . 2016. The beast within - Evading dynamic malware analysis using Microsoft COM. Blackhat USA briefings 2016 . Ralf Hund. 2016. The beast within - Evading dynamic malware analysis using Microsoft COM. Blackhat USA briefings 2016."},{"key":"e_1_3_2_1_16_1","unstructured":"KahuSecurity. [n. d.]. Revelo Javascript Deobfuscator. http:\/\/www.kahusecurity.com\/posts\/revelo_javascript_deobfuscator.html. (accessed: 2019-02-15).  KahuSecurity. [n. d.]. Revelo Javascript Deobfuscator. http:\/\/www.kahusecurity.com\/posts\/revelo_javascript_deobfuscator.html. (accessed: 2019-02-15)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_7"},{"key":"e_1_3_2_1_18_1","unstructured":"Philippe Lagadec. [n. d.]. ViperMonkey. https:\/\/github.com\/decalage2\/ViperMonkey. (accessed: 2019-09-20).  Philippe Lagadec. [n. d.]. ViperMonkey. https:\/\/github.com\/decalage2\/ViperMonkey. (accessed: 2019-09-20)."},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS '11)","author":"Lee JongHyup","year":"2011","unstructured":"JongHyup Lee , Thanassis Avgerinos , and David Brumley . 2011 . TIE: Principled Reverse Engineering of Types in Binary Programs . In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS '11) . Internet Society, 1--18. JongHyup Lee, Thanassis Avgerinos, and David Brumley. 2011. TIE: Principled Reverse Engineering of Types in Binary Programs. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS '11). Internet Society, 1--18."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065034"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22038-9_14"},{"key":"e_1_3_2_1_22_1","unstructured":"Microsoft. [n. d.]. Antimalware Scan Interface. https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/amsi\/antimalware-scan-interface-portal. (accessed: 2018-08-16).  Microsoft. [n. d.]. Antimalware Scan Interface. https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/amsi\/antimalware-scan-interface-portal. (accessed: 2018-08-16)."},{"key":"e_1_3_2_1_23_1","volume-title":"IMECS","author":"Otsuki Yuto","year":"2015","unstructured":"Yuto Otsuki , Eiji Takimoto , Shoichi Saito , Eric W Cooper , and Koichi Mouri . 2015 . Identifying system calls invoked by malware using branch trace facilities. In International MultiConference of Engineers and Computer Scientists 2015 , IMECS 2015. Newswood Limited. Yuto Otsuki, Eiji Takimoto, Shoichi Saito, Eric W Cooper, and Koichi Mouri. 2015. Identifying system calls invoked by malware using branch trace facilities. In International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015. Newswood Limited."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_14"},{"key":"e_1_3_2_1_25_1","unstructured":"ReactOS Project. [n. d.]. ReactOS. https:\/\/www.reactos.org\/. (accessed: 2018-08-16).  ReactOS Project. [n. d.]. ReactOS. https:\/\/www.reactos.org\/. (accessed: 2018-08-16)."},{"key":"e_1_3_2_1_26_1","volume-title":"Automatic Reverse Engineering of Malware Emulators. In 2009 30th IEEE Symposium on Security and Privacy (SP '09","author":"Sharif Monirul","year":"2009","unstructured":"Monirul Sharif , Andrea Lanzi , Jonathon Giffin , and Wenke Lee . 2009 . Automatic Reverse Engineering of Malware Emulators. In 2009 30th IEEE Symposium on Security and Privacy (SP '09 . IEEE, 94--109. Monirul Sharif, Andrea Lanzi, Jonathon Giffin, and Wenke Lee. 2009. Automatic Reverse Engineering of Malware Emulators. In 2009 30th IEEE Symposium on Security and Privacy (SP '09. IEEE, 94--109."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/0022-2836(81)90087-5"},{"key":"e_1_3_2_1_28_1","unstructured":"T. Sven. [n. d.]. JSDetox. http:\/\/relentless-coding.org\/projects\/jsdetox\/. (accessed: 2019-09-20).  T. Sven. [n. d.]. JSDetox. http:\/\/relentless-coding.org\/projects\/jsdetox\/. (accessed: 2019-09-20)."},{"key":"e_1_3_2_1_29_1","unstructured":"PowerShell Team. [n. d.]. PowerShell. https:\/\/github.com\/powershell. (accessed: 2018-08-16).  PowerShell Team. [n. d.]. PowerShell. https:\/\/github.com\/powershell. (accessed: 2018-08-16)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_14"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23331"}],"event":{"name":"ACSAC '19: 2019 Annual Computer Security Applications Conference","acronym":"ACSAC '19","location":"San Juan Puerto Rico USA"},"container-title":["Proceedings of the 35th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359849","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359849","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:45:04Z","timestamp":1750203904000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359849"}},"subtitle":["converting engines into script API tracers"],"short-title":[],"issued":{"date-parts":[[2019,12,9]]},"references-count":31,"alternative-id":["10.1145\/3359789.3359849","10.1145\/3359789"],"URL":"https:\/\/doi.org\/10.1145\/3359789.3359849","relation":{},"subject":[],"published":{"date-parts":[[2019,12,9]]},"assertion":[{"value":"2019-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}