{"id":"https://openalex.org/W3205566425","doi":"https://doi.org/10.1145/3471621.3471848","title":"Lost in the Loader:The Many Faces of the Windows PE File Format","display_name":"Lost in the Loader:The Many Faces of the Windows PE File Format","publication_year":2021,"publication_date":"2021-10-06","ids":{"openalex":"https://openalex.org/W3205566425","doi":"https://doi.org/10.1145/3471621.3471848","mag":"3205566425"},"language":"en","primary_location":{"id":"doi:10.1145/3471621.3471848","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3471621.3471848","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"24th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://hal.science/hal-04611598","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072574628","display_name":"Dario Nisi","orcid":"https://orcid.org/0000-0002-3544-1346"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Dario Nisi","raw_affiliation_strings":["EURECOM, France","Eurecom [Sophia Antipolis] (Campus SophiaTech, 450 Route des Chappes, CS 50193 - 06904 Biot Sophia Antipolis cedex - France)"],"affiliations":[{"raw_affiliation_string":"EURECOM, France","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"Eurecom [Sophia Antipolis] (Campus SophiaTech, 450 Route des Chappes, CS 50193 - 06904 Biot Sophia Antipolis cedex - France)","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090917415","display_name":"Mariano Graziano","orcid":"https://orcid.org/0009-0000-8842-9300"},"institutions":[{"id":"https://openalex.org/I2801562743","display_name":"Cisco College","ror":"https://ror.org/03gc7jk79","country_code":"US","type":"education","lineage":["https://openalex.org/I2801562743"]},{"id":"https://openalex.org/I151281966","display_name":"Cisco Systems (China)","ror":"https://ror.org/02qy75381","country_code":"CN","type":"company","lineage":["https://openalex.org/I135428043","https://openalex.org/I151281966"]}],"countries":["CN","US"],"is_corresponding":false,"raw_author_name":"Mariano Graziano","raw_affiliation_strings":["Cisco Talos, US","Cisco Talos (United States)"],"affiliations":[{"raw_affiliation_string":"Cisco Talos, US","institution_ids":["https://openalex.org/I151281966"]},{"raw_affiliation_string":"Cisco Talos (United States)","institution_ids":["https://openalex.org/I2801562743"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002695158","display_name":"Yanick Fratantonio","orcid":"https://orcid.org/0009-0008-3676-9117"},"institutions":[{"id":"https://openalex.org/I2801562743","display_name":"Cisco College","ror":"https://ror.org/03gc7jk79","country_code":"US","type":"education","lineage":["https://openalex.org/I2801562743"]},{"id":"https://openalex.org/I151281966","display_name":"Cisco Systems (China)","ror":"https://ror.org/02qy75381","country_code":"CN","type":"company","lineage":["https://openalex.org/I135428043","https://openalex.org/I151281966"]}],"countries":["CN","US"],"is_corresponding":false,"raw_author_name":"Yanick Fratantonio","raw_affiliation_strings":["Cisco Talos, US","Cisco Talos (United States)"],"affiliations":[{"raw_affiliation_string":"Cisco Talos, US","institution_ids":["https://openalex.org/I151281966"]},{"raw_affiliation_string":"Cisco Talos (United States)","institution_ids":["https://openalex.org/I2801562743"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002025561","display_name":"Davide Balzarotti","orcid":"https://orcid.org/0000-0001-5957-6213"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Davide Balzarotti","raw_affiliation_strings":["EURECOM, France","Eurecom [Sophia Antipolis] (Campus SophiaTech, 450 Route des Chappes, CS 50193 - 06904 Biot Sophia Antipolis cedex - France)"],"affiliations":[{"raw_affiliation_string":"EURECOM, France","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"Eurecom [Sophia Antipolis] (Campus SophiaTech, 450 Route des Chappes, CS 50193 - 06904 Biot Sophia Antipolis cedex - France)","institution_ids":["https://openalex.org/I1902872"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5072574628"],"corresponding_institution_ids":["https://openalex.org/I1902872"],"apc_list":null,"apc_paid":null,"fwci":0.6094,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.67349561,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"177","last_page":"192"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7745559215545654},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.7567130327224731},{"id":"https://openalex.org/keywords/loader","display_name":"Loader","score":0.6590998768806458},{"id":"https://openalex.org/keywords/reverse-engineering","display_name":"Reverse engineering","score":0.639945924282074},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5974140763282776},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4938536286354065},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.46307504177093506},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4206395745277405},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3460020422935486}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7745559215545654},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.7567130327224731},{"id":"https://openalex.org/C2779041774","wikidata":"https://www.wikidata.org/wiki/Q650550","display_name":"Loader","level":2,"score":0.6590998768806458},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.639945924282074},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5974140763282776},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4938536286354065},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.46307504177093506},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4206395745277405},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3460020422935486}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3471621.3471848","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3471621.3471848","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"24th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:HAL:hal-04611598v1","is_oa":true,"landing_page_url":"https://hal.science/hal-04611598","pdf_url":null,"source":{"id":"https://openalex.org/S4406922461","display_name":"SPIRE - Sciences Po Institutional REpository","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"RAID 2021, 24th International Symposium on Research in Attacks, Intrusions and Defenses, ACM, Oct 2021, San Sebastian, Spain. &#x27E8;10.1145/3471621.3471848&#x27E9;","raw_type":"Conference papers"}],"best_oa_location":{"id":"pmh:oai:HAL:hal-04611598v1","is_oa":true,"landing_page_url":"https://hal.science/hal-04611598","pdf_url":null,"source":{"id":"https://openalex.org/S4406922461","display_name":"SPIRE - Sciences Po Institutional REpository","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"RAID 2021, 24th International Symposium on Research in Attacks, Intrusions and Defenses, ACM, Oct 2021, San Sebastian, Spain. &#x27E8;10.1145/3471621.3471848&#x27E9;","raw_type":"Conference papers"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.5299999713897705}],"awards":[{"id":"https://openalex.org/G6197494185","display_name":null,"funder_award_id":"771844","funder_id":"https://openalex.org/F4320334678","funder_display_name":"European Research Council"}],"funders":[{"id":"https://openalex.org/F4320307791","display_name":"Cisco Systems","ror":"https://ror.org/03yt1ez60"},{"id":"https://openalex.org/F4320334678","display_name":"European Research Council","ror":"https://ror.org/0472cxd90"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W33043110","https://openalex.org/W67117737","https://openalex.org/W191656338","https://openalex.org/W1480909796","https://openalex.org/W1557018311","https://openalex.org/W1926951188","https://openalex.org/W2066210260","https://openalex.org/W2162765234","https://openalex.org/W2350778671","https://openalex.org/W2517430515","https://openalex.org/W2584744348","https://openalex.org/W2701082322","https://openalex.org/W2766980353","https://openalex.org/W2794801050","https://openalex.org/W2912095101","https://openalex.org/W4254983202","https://openalex.org/W6683303659"],"related_works":["https://openalex.org/W2112192942","https://openalex.org/W2132081528","https://openalex.org/W4307821979","https://openalex.org/W2150019175","https://openalex.org/W1679963423","https://openalex.org/W2139769766","https://openalex.org/W2003230381","https://openalex.org/W2031656933","https://openalex.org/W3013063242","https://openalex.org/W2149918584"],"abstract_inverted_index":{"A":[0],"known":[1],"problem":[2],"in":[3,29],"the":[4,30],"security":[5],"industry":[6],"is":[7],"that":[8,10],"programs":[9],"deal":[11],"with":[12],"executable":[13],"file":[14],"formats,":[15],"such":[16],"as":[17],"OS":[18],"loaders,":[19],"reverse-engineering":[20],"tools,":[21],"and":[22,51],"antivirus":[23],"software,":[24],"often":[25,53],"have":[26],"little":[27],"discrepancies":[28],"way":[31],"they":[32],"interpret":[33],"an":[34],"input":[35],"file.":[36],"These":[37],"differences":[38],"can":[39],"be":[40],"abused":[41],"by":[42,55],"attackers":[43],"to":[44],"evade":[45],"detection":[46],"or":[47],"complicate":[48],"reverse":[49],"engineering,":[50],"are":[52],"found":[54],"researchers":[56],"through":[57],"a":[58],"manual,":[59],"trial-and-error":[60],"process.":[61]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}