Trends of anti-analysis operations of malwares observed in API call logs

Some malwares execute operations that determine whether they are running in an analysis environment created by monitoring software, such as debuggers, sandboxing systems, or virtual machine monitors, and if such an operation finds that the malware is running in an analysis environment, it terminates...

Bibliographic Details
Published in Journal of Computer Virology and Hacking Techniques Vol. 14; no. 1; pp. 69-85
Main Author Oyama, Yoshihiro
Format Journal Article
Language English
Published Paris Springer Paris 01.02.2018
Springer Nature B.V

Abstract Some malwares execute operations that determine whether they are running in an analysis environment created by monitoring software, such as debuggers, sandboxing systems, or virtual machine monitors, and if such an operation finds that the malware is running in an analysis environment, it terminates execution to prevent analysis. The existence of malwares that execute such operations (anti-analysis operations) is widely known. However, the knowledge acquired thus far, regarding what proportion of current malwares execute anti-analysis operations, what types of anti-analysis operations they execute, and how effectively such operations prevent analysis, is insufficient. In this study, we analyze FFRI Dataset, which is a dataset of dynamic malware analysis results, and clarify the trends in the anti-analysis operations executed by malware samples collected in 2016. Our findings revealed that, among 8243 malware samples, 856 (10.4%) samples executed at least one type of the 28 anti-analysis operations investigated in this study. We also found that, among the virtual machine monitors, VMware was the most commonly searched for by the malware samples.
Author Oyama, Yoshihiro
Author_xml – sequence: 1
  givenname: Yoshihiro
  orcidid: 0000-0002-9406-5037
  surname: Oyama
  fullname: Oyama, Yoshihiro
  email: oyama@cc.tsukuba.ac.jp
  organization: University of Tsukuba
ContentType Journal Article
Copyright Springer-Verlag France 2017
Copyright Springer Science & Business Media 2018
DOI 10.1007/s11416-017-0290-x
Discipline Computer Science
EISSN 2263-8733
EndPage 85
GrantInformation_xml – fundername: Japan Society for the Promotion of Science (JP)
  grantid: 26330080
ISSN 2263-8733
IsDoiOpenAccess false
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 1
Keywords Anti-virtualization
Virtual machine monitors
Malware
Hypervisors
Virtualization
Anti-analysis
OpenAccessLink https://tsukuba.repo.nii.ac.jp/record/46267/files/JCVHT_14.pdf
PageCount 17
PublicationDate 2018-02-01
PublicationPlace Paris
PublicationPlace_xml – name: Paris
– name: Heidelberg
PublicationTitle Journal of Computer Virology and Hacking Techniques
PublicationTitleAbbrev J Comput Virol Hack Tech
PublicationYear 2018
Publisher Springer Paris
Springer Nature B.V
StartPage 69
SubjectTerms Application programming interface
Computer Science
Computer viruses
Debugging
Environmental monitoring
Knowledge acquisition
Malware
Monitors
Original Paper
Trends
URI https://link.springer.com/article/10.1007/s11416-017-0290-x
https://www.proquest.com/docview/2007703231
Volume 14