{"id":"https://openalex.org/W3043723866","doi":"https://doi.org/10.1109/access.2020.3008900","title":"x64Unpack: Hybrid Emulation Unpacker for 64-bit Windows Environments and Detailed Analysis Results on VMProtect 3.4","display_name":"x64Unpack: Hybrid Emulation Unpacker for 64-bit Windows Environments and Detailed Analysis Results on VMProtect 3.4","publication_year":2020,"publication_date":"2020-01-01","ids":{"openalex":"https://openalex.org/W3043723866","doi":"https://doi.org/10.1109/access.2020.3008900","mag":"3043723866"},"language":"en","primary_location":{"id":"doi:10.1109/access.2020.3008900","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3008900","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2020.3008900","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102936527","display_name":"Seokwoo Choi","orcid":"https://orcid.org/0000-0002-5658-6050"},"institutions":[{"id":"https://openalex.org/I142401562","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10","country_code":"KR","type":"facility","lineage":["https://openalex.org/I142401562","https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Seokwoo Choi","raw_affiliation_strings":["The Affiliated Institute of ETRI, Daejeon, South Korea","ORCiD"],"raw_orcid":"https://orcid.org/0000-0002-5658-6050","affiliations":[{"raw_affiliation_string":"The Affiliated Institute of ETRI, Daejeon, South Korea","institution_ids":["https://openalex.org/I142401562"]},{"raw_affiliation_string":"ORCiD","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084242910","display_name":"Taejoo Chang","orcid":"https://orcid.org/0000-0003-2516-3853"},"institutions":[{"id":"https://openalex.org/I142401562","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10","country_code":"KR","type":"facility","lineage":["https://openalex.org/I142401562","https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Taejoo Chang","raw_affiliation_strings":["The Affiliated Institute of ETRI, Daejeon, South Korea","ORCiD"],"raw_orcid":"https://orcid.org/0000-0003-2516-3853","affiliations":[{"raw_affiliation_string":"The Affiliated Institute of ETRI, Daejeon, South Korea","institution_ids":["https://openalex.org/I142401562"]},{"raw_affiliation_string":"ORCiD","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100600387","display_name":"Changhyun Kim","orcid":"https://orcid.org/0000-0001-7181-136X"},"institutions":[{"id":"https://openalex.org/I4575257","display_name":"Hanyang University","ror":"https://ror.org/046865y68","country_code":"KR","type":"education","lineage":["https://openalex.org/I4575257"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Changhyun Kim","raw_affiliation_strings":["Department of Computer Science, Hanyang University, Seoul, South Korea","ORCiD"],"raw_orcid":"https://orcid.org/0000-0001-7181-136X","affiliations":[{"raw_affiliation_string":"Department of Computer Science, Hanyang University, Seoul, South Korea","institution_ids":["https://openalex.org/I4575257"]},{"raw_affiliation_string":"ORCiD","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101411354","display_name":"Yongsu Park","orcid":"https://orcid.org/0000-0002-7354-4434"},"institutions":[{"id":"https://openalex.org/I4575257","display_name":"Hanyang University","ror":"https://ror.org/046865y68","country_code":"KR","type":"education","lineage":["https://openalex.org/I4575257"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Yongsu Park","raw_affiliation_strings":["Department of Computer Science, Hanyang University, Seoul, South Korea","ORCiD"],"raw_orcid":"https://orcid.org/0000-0002-7354-4434","affiliations":[{"raw_affiliation_string":"Department of Computer Science, Hanyang University, Seoul, South Korea","institution_ids":["https://openalex.org/I4575257"]},{"raw_affiliation_string":"ORCiD","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.9124,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.74171667,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"8","issue":null,"first_page":"127939","last_page":"127953"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8860357999801636},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.8043901920318604},{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.7597043514251709},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.702534019947052},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.677696704864502},{"id":"https://openalex.org/keywords/dynamic-program-analysis","display_name":"Dynamic program analysis","score":0.5638067126274109},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5514836311340332},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.5504643321037292},{"id":"https://openalex.org/keywords/application-programming-interface","display_name":"Application programming interface","score":0.47171729803085327},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.46187543869018555},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.4492723047733307},{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.4286927878856659},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.41852933168411255},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.4185265600681305},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.4121232032775879},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.39795395731925964},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2564871907234192},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.15008997917175293},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.1201888918876648}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8860357999801636},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.8043901920318604},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.7597043514251709},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.702534019947052},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.677696704864502},{"id":"https://openalex.org/C140006998","wikidata":"https://www.wikidata.org/wiki/Q2499307","display_name":"Dynamic program analysis","level":3,"score":0.5638067126274109},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5514836311340332},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.5504643321037292},{"id":"https://openalex.org/C99613125","wikidata":"https://www.wikidata.org/wiki/Q165194","display_name":"Application programming interface","level":2,"score":0.47171729803085327},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.46187543869018555},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.4492723047733307},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.4286927878856659},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.41852933168411255},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.4185265600681305},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4121232032775879},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.39795395731925964},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2564871907234192},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.15008997917175293},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.1201888918876648},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.0},{"id":"https://openalex.org/C50522688","wikidata":"https://www.wikidata.org/wiki/Q189833","display_name":"Economic growth","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2020.3008900","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3008900","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:221510bf4ce646b1b21514a7879bea5c","is_oa":true,"landing_page_url":"https://doaj.org/article/221510bf4ce646b1b21514a7879bea5c","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 8, Pp 127939-127953 (2020)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2020.3008900","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.3008900","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G8378899422","display_name":null,"funder_award_id":"2020R1F1A1048443","funder_id":"https://openalex.org/F4320322120","funder_display_name":"National Research Foundation of Korea"}],"funders":[{"id":"https://openalex.org/F4320322120","display_name":"National Research Foundation of Korea","ror":"https://ror.org/013aysd81"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W1522250664","https://openalex.org/W1529311848","https://openalex.org/W1562605315","https://openalex.org/W2131726714","https://openalex.org/W2134633067","https://openalex.org/W2156858199","https://openalex.org/W2159702664","https://openalex.org/W2466394978","https://openalex.org/W2618822292","https://openalex.org/W2620946705","https://openalex.org/W2708742135","https://openalex.org/W2742249911","https://openalex.org/W2744461761","https://openalex.org/W2752859356","https://openalex.org/W2883399546","https://openalex.org/W2886034072","https://openalex.org/W2908835234","https://openalex.org/W2931858311","https://openalex.org/W2932977083","https://openalex.org/W2944830571","https://openalex.org/W2962164552","https://openalex.org/W2966475342","https://openalex.org/W2979774094","https://openalex.org/W3017054987","https://openalex.org/W4239813889","https://openalex.org/W4243947286","https://openalex.org/W6631155369","https://openalex.org/W6631540460","https://openalex.org/W6633563652","https://openalex.org/W6743716703","https://openalex.org/W6766629296"],"related_works":["https://openalex.org/W2498428883","https://openalex.org/W4386387815","https://openalex.org/W109909280","https://openalex.org/W2075886053","https://openalex.org/W3037286208","https://openalex.org/W2900526031","https://openalex.org/W3132470374","https://openalex.org/W2246375780","https://openalex.org/W2098431065","https://openalex.org/W62185554"],"abstract_inverted_index":{"In":[0,46],"spite":[1],"of":[2,77,113,169,195],"recent":[3],"remarkable":[4],"advances":[5],"in":[6,69,201],"binary":[7],"code":[8,40,44,115,156],"analysis,":[9],"malware":[10],"developers":[11],"are":[12,29,191],"still":[13],"using":[14],"complex":[15,123,198],"anti-reversing":[16],"techniques":[17,37],"to":[18,60,80,95,126],"make":[19],"analysis":[20,83,147,229],"difficult.":[21],"To":[22,165],"protect":[23],"malware,":[24],"they":[25],"use":[26],"packers,":[27],"which":[28],"(commercial)":[30],"tools":[31,84],"that":[32,56,86,208,236],"contain":[33],"various":[34],"anti-reverse":[35],"engineering":[36],"such":[38],"as":[39,193],"encryption,":[41],"anti-debugging,":[42],"and":[43,65,88,100,120,160,184,189,216],"virtualization.":[45],"this":[47],"paper,":[48],"we":[49,134,225],"present":[50],"x64Unpack:":[51],"a":[52],"hybrid":[53],"emulation":[54,99],"scheme":[55],"makes":[57],"it":[58],"easier":[59],"analyze":[61],"packed":[62,163,213],"executable":[63,214,234],"files":[64,215],"automatically":[66],"unpacks":[67],"them":[68],"64-bit":[70,202],"Windows":[71,203],"environments.":[72,204],"The":[73],"most":[74,197],"distinguishable":[75],"feature":[76],"x64Unpack":[78,87,152,209],"compared":[79],"other":[81],"dynamic":[82],"is":[85],"the":[89,114,149,162,167,175,196,212,219,227,232],"target":[90],"program":[91],"share":[92],"virtual":[93],"memory":[94],"support":[96],"both":[97],"instruction":[98],"direct":[101,111],"execution.":[102],"Emulation":[103],"runs":[104,117],"slow":[105],"but":[106],"provides":[107],"detailed":[108,228],"information,":[109],"whereas":[110],"execution":[112],"chunk":[116],"very":[118],"fast":[119],"can":[121,135,153],"handle":[122],"cases":[124],"regarding":[125],"operating":[127],"systems":[128],"or":[129,144],"hardware":[130],"devices.":[131],"With":[132],"x64Unpack,":[133,170],"monitor":[136],"major":[137],"API":[138],"(Application":[139],"Programming":[140],"Interface)":[141],"function":[142],"calls":[143],"conduct":[145],"fine-grained":[146],"at":[148],"instruction-level.":[150],"Furthermore,":[151],"detect":[154],"anti-debugging":[155],"chunks,":[157],"dump":[158],"memory,":[159],"unpack":[161],"files.":[164],"verify":[166],"effectiveness":[168],"experiments":[171],"were":[172],"conducted":[173],"on":[174,223,231],"obfuscation":[176],"tools:":[177],"UPX":[178],"3.95,":[179],"MPRESS":[180],"2.19,":[181],"Themida":[182,190],"2.4.6,":[183],"VMProtect":[185,188,240],"3.4.":[186,241],"Especially,":[187],"considered":[192],"some":[194],"commercial":[199],"packers":[200],"Experimental":[205],"results":[206,230],"show":[207],"correctly":[210],"emulates":[211],"successfully":[217],"produces":[218],"unpacked":[220],"version.":[221],"Based":[222],"this,":[224],"provide":[226],"obfuscated":[233],"file":[235],"was":[237],"generated":[238],"by":[239]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}