{"id":"https://openalex.org/W4391345555","doi":"https://doi.org/10.3390/s24030840","title":"UnSafengine64: A Safengine Unpacker for 64-Bit Windows Environments and Detailed Analysis Results on Safengine 2.4.0","display_name":"UnSafengine64: A Safengine Unpacker for 64-Bit Windows Environments and Detailed Analysis Results on Safengine 2.4.0","publication_year":2024,"publication_date":"2024-01-27","ids":{"openalex":"https://openalex.org/W4391345555","doi":"https://doi.org/10.3390/s24030840","pmid":"https://pubmed.ncbi.nlm.nih.gov/38339557"},"language":"en","primary_location":{"id":"doi:10.3390/s24030840","is_oa":true,"landing_page_url":"http://dx.doi.org/10.3390/s24030840","pdf_url":"https://www.mdpi.com/1424-8220/24/3/840/pdf?version=1706350075","source":{"id":"https://openalex.org/S101949793","display_name":"Sensors","issn_l":"1424-8220","issn":["1424-8220"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj","pubmed"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/1424-8220/24/3/840/pdf?version=1706350075","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102936527","display_name":"Seokwoo Choi","orcid":"https://orcid.org/0000-0002-5658-6050"},"institutions":[{"id":"https://openalex.org/I142401562","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10","country_code":"KR","type":"facility","lineage":["https://openalex.org/I142401562","https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Seokwoo Choi","raw_affiliation_strings":["The Affiliated Institute of ETRI, P.O. Box 1, Yuseong, Daejeon 305-600, Republic of Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Affiliated Institute of ETRI, P.O. Box 1, Yuseong, Daejeon 305-600, Republic of Korea","institution_ids":["https://openalex.org/I142401562"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084242910","display_name":"Taejoo Chang","orcid":"https://orcid.org/0000-0003-2516-3853"},"institutions":[{"id":"https://openalex.org/I142401562","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10","country_code":"KR","type":"facility","lineage":["https://openalex.org/I142401562","https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Taejoo Chang","raw_affiliation_strings":["The Affiliated Institute of ETRI, P.O. Box 1, Yuseong, Daejeon 305-600, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0003-2516-3853","affiliations":[{"raw_affiliation_string":"The Affiliated Institute of ETRI, P.O. Box 1, Yuseong, Daejeon 305-600, Republic of Korea","institution_ids":["https://openalex.org/I142401562"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101411354","display_name":"Yongsu Park","orcid":"https://orcid.org/0000-0002-7354-4434"},"institutions":[{"id":"https://openalex.org/I4575257","display_name":"Hanyang University","ror":"https://ror.org/046865y68","country_code":"KR","type":"education","lineage":["https://openalex.org/I4575257"]},{"id":"https://openalex.org/I93906172","display_name":"Anyang University","ror":"https://ror.org/018pdh902","country_code":"KR","type":"education","lineage":["https://openalex.org/I93906172"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Yongsu Park","raw_affiliation_strings":["Department of Computer Science, Hanyang University, Wangshimriro 222, Seongdonggu, Seoul 04763, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-7354-4434","affiliations":[{"raw_affiliation_string":"Department of Computer Science, Hanyang University, Wangshimriro 222, Seongdonggu, Seoul 04763, Republic of Korea","institution_ids":["https://openalex.org/I93906172","https://openalex.org/I4575257"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5101411354"],"corresponding_institution_ids":["https://openalex.org/I4575257","https://openalex.org/I93906172"],"apc_list":{"value":2400,"currency":"CHF","value_usd":2598},"apc_paid":{"value":2400,"currency":"CHF","value_usd":2598},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.01008386,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"24","issue":"3","first_page":"840","last_page":"840"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.8854728937149048},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.830756425857544},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.8002616167068481},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.7150722146034241},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.6070943474769592},{"id":"https://openalex.org/keywords/microsoft-windows","display_name":"Microsoft Windows","score":0.6063851118087769},{"id":"https://openalex.org/keywords/plug-in","display_name":"Plug-in","score":0.570472002029419},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.5107157230377197},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.4881063401699066},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4791278541088104},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4757544696331024},{"id":"https://openalex.org/keywords/application-programming-interface","display_name":"Application programming interface","score":0.43384701013565063},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2661307454109192},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.1392408311367035},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.11428064107894897}],"concepts":[{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.8854728937149048},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.830756425857544},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.8002616167068481},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.7150722146034241},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.6070943474769592},{"id":"https://openalex.org/C508378895","wikidata":"https://www.wikidata.org/wiki/Q1406","display_name":"Microsoft Windows","level":3,"score":0.6063851118087769},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.570472002029419},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5107157230377197},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.4881063401699066},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4791278541088104},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4757544696331024},{"id":"https://openalex.org/C99613125","wikidata":"https://www.wikidata.org/wiki/Q165194","display_name":"Application programming interface","level":2,"score":0.43384701013565063},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2661307454109192},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.1392408311367035},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.11428064107894897}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.3390/s24030840","is_oa":true,"landing_page_url":"http://dx.doi.org/10.3390/s24030840","pdf_url":"https://www.mdpi.com/1424-8220/24/3/840/pdf?version=1706350075","source":{"id":"https://openalex.org/S101949793","display_name":"Sensors","issn_l":"1424-8220","issn":["1424-8220"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors","raw_type":"journal-article"},{"id":"pmid:38339557","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/38339557","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors (Basel, Switzerland)","raw_type":null},{"id":"pmh:oai:mdpi.com:/1424-8220/24/3/840/","is_oa":true,"landing_page_url":"https://doi.org/10.3390/s24030840","pdf_url":null,"source":{"id":"https://openalex.org/S4306400947","display_name":"MDPI (MDPI AG)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210097602","host_organization_name":"Multidisciplinary Digital Publishing Institute (Switzerland)","host_organization_lineage":["https://openalex.org/I4210097602"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors","raw_type":"Text"},{"id":"pmh:oai:pubmedcentral.nih.gov:10857144","is_oa":true,"landing_page_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/10857144","pdf_url":"https://pmc.ncbi.nlm.nih.gov/articles/PMC10857144/pdf/sensors-24-00840.pdf","source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sensors (Basel)","raw_type":"Text"},{"id":"pmh:oai:doaj.org/article:d431dd56e4764feabb58ee4faa3fb8bf","is_oa":true,"landing_page_url":"https://doaj.org/article/d431dd56e4764feabb58ee4faa3fb8bf","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sensors, Vol 24, Iss 3, p 840 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/s24030840","is_oa":true,"landing_page_url":"http://dx.doi.org/10.3390/s24030840","pdf_url":"https://www.mdpi.com/1424-8220/24/3/840/pdf?version=1706350075","source":{"id":"https://openalex.org/S101949793","display_name":"Sensors","issn_l":"1424-8220","issn":["1424-8220"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Sensors","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4119283845","display_name":null,"funder_award_id":"RS-2023-00244071","funder_id":"https://openalex.org/F4320322120","funder_display_name":"National Research Foundation of Korea"}],"funders":[{"id":"https://openalex.org/F4320320671","display_name":"National Research Foundation","ror":"https://ror.org/05s0g1g46"},{"id":"https://openalex.org/F4320322120","display_name":"National Research Foundation of Korea","ror":"https://ror.org/013aysd81"},{"id":"https://openalex.org/F4320328359","display_name":"Ministry of Science and ICT, South Korea","ror":"https://ror.org/01wpjm123"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4391345555.pdf"},"referenced_works_count":18,"referenced_works":["https://openalex.org/W2618822292","https://openalex.org/W2708742135","https://openalex.org/W2752859356","https://openalex.org/W2883399546","https://openalex.org/W2966475342","https://openalex.org/W3017054987","https://openalex.org/W3043723866","https://openalex.org/W3119992093","https://openalex.org/W4214791206","https://openalex.org/W4316369139","https://openalex.org/W4316690373","https://openalex.org/W4379514871","https://openalex.org/W4385738188","https://openalex.org/W4385978086","https://openalex.org/W4387343722","https://openalex.org/W4389056251","https://openalex.org/W6631540460","https://openalex.org/W6766629296"],"related_works":["https://openalex.org/W47352601","https://openalex.org/W2981957539","https://openalex.org/W3003490434","https://openalex.org/W1977330409","https://openalex.org/W4200453963","https://openalex.org/W2902937489","https://openalex.org/W4220701292","https://openalex.org/W62185554","https://openalex.org/W4394797850","https://openalex.org/W2380730281"],"abstract_inverted_index":{"Despite":[0],"recent":[1],"remarkable":[2],"advances":[3],"in":[4,71],"binary":[5],"code":[6,35,39,154],"analysis,":[7],"malware":[8],"developers":[9],"still":[10],"use":[11],"complex":[12,68],"anti-reversing":[13,32],"techniques":[14],"that":[15,29,185],"make":[16],"analysis":[17,85,104,204],"difficult.":[18],"Packers":[19],"are":[20,26],"used":[21,102],"to":[22,74],"protect":[23],"malware,":[24],"which":[25,61,95],"(commercial)":[27],"tools":[28,105,124],"contain":[30],"diverse":[31],"techniques,":[33],"including":[34],"encryption,":[36],"anti-debugging,":[37],"and":[38,120,164,192],"virtualization.":[40],"In":[41,109],"this":[42],"study,":[43],"we":[44,111,130,201],"present":[45],"UnSafengine64:":[46],"a":[47,91,157],"Safengine":[48,179,213],"unpacker":[49],"for":[50,93,106,125,135,206],"64-bit":[51],"Windows.":[52,108],"UnSafengine64":[53,87,151,186],"can":[54,131],"correctly":[55,187],"unpack":[56],"packed":[57,166,189],"executables":[58],"using":[59,178,212],"Safengine,":[60],"is":[62,96],"considered":[63],"one":[64,97],"of":[65,77,98,160,172],"the":[66,75,99,147,161,170,207],"most":[67,100],"commercial":[69],"packers":[70],"Windows":[72],"environments;":[73],"best":[76],"our":[78,173],"knowledge,":[79],"there":[80],"have":[81],"been":[82],"no":[83],"published":[84],"results.":[86],"was":[88],"developed":[89],"as":[90,122],"plug-in":[92],"Pin,":[94],"widely":[101],"dynamic":[103],"Microsoft":[107],"addition,":[110],"utilized":[112],"Detect":[113],"It":[114],"Easy":[115],"(DIE),":[116],"IDA":[117],"Pro,":[118],"x64Dbg,":[119],"x64Unpack":[121],"auxiliary":[123],"deep":[126],"analysis.":[127],"Using":[128],"UnSafengine64,":[129],"analyze":[132],"obfuscated":[133,208],"calls":[134],"major":[136],"application":[137],"programming":[138],"interface":[139],"(API)":[140],"functions":[141],"or":[142],"conduct":[143],"fine-grained":[144],"analyses":[145],"at":[146],"instruction":[148],"level.":[149],"Furthermore,":[150],"detects":[152],"anti-debugging":[153],"chunks,":[155],"captures":[156],"memory":[158],"dump":[159],"target":[162],"process,":[163],"unpacks":[165],"files.":[167],"To":[168],"verify":[169],"effectiveness":[171],"scheme,":[174],"experiments":[175],"were":[176],"conducted":[177],"2.4.0.":[180,214],"The":[181],"experimental":[182],"results":[183,205],"show":[184],"executes":[188],"executable":[190,209],"files":[191],"successfully":[193],"produces":[194],"an":[195],"unpacked":[196],"version.":[197],"Based":[198],"on":[199],"this,":[200],"provided":[202],"detailed":[203],"file":[210],"generated":[211]},"counts_by_year":[],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}