{"id":"https://openalex.org/W7139921417","doi":"https://doi.org/10.48550/arxiv.2603.18355","title":"Pushan: Trace-Free Deobfuscation of Virtualization-Obfuscated Binaries","display_name":"Pushan: Trace-Free Deobfuscation of Virtualization-Obfuscated Binaries","publication_year":2026,"publication_date":"2026-03-18","ids":{"openalex":"https://openalex.org/W7139921417","doi":"https://doi.org/10.48550/arxiv.2603.18355"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.18355","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.18355","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.18355","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058369987","display_name":"Ashwin Sudhir","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Sudhir, Ashwin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130217515","display_name":"Zion Leonahenahe Basque","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Basque, Zion Leonahenahe","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059792983","display_name":"Wil Gibbs","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gibbs, Wil","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130215554","display_name":"Ati Priya Bajaj","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bajaj, Ati Priya","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130239219","display_name":"Pulkit Singh Singaria","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Singaria, Pulkit Singh","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130217396","display_name":"Mitchell Zakocs","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zakocs, Mitchell","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130227238","display_name":"Jie Hu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hu, Jie","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130246169","display_name":"Moritz Schloegel","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Schloegel, Moritz","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076987446","display_name":"Tiffany Bao","orcid":"https://orcid.org/0000-0001-6424-0001"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bao, Tiffany","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130246508","display_name":"Adam Doupe","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Doupe, Adam","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026842092","display_name":"Yan Shoshitaishvili","orcid":"https://orcid.org/0000-0001-8832-1789"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shoshitaishvili, Yan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5130223978","display_name":"Ruoyu Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Ruoyu","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":12,"corresponding_author_ids":["https://openalex.org/A5058369987"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.8919000029563904,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.8919000029563904,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.0674000009894371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.009999999776482582,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.8712999820709229},{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.7953000068664551},{"id":"https://openalex.org/keywords/symbolic-execution","display_name":"Symbolic execution","score":0.7184000015258789},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5655999779701233},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4593000113964081},{"id":"https://openalex.org/keywords/binary-code","display_name":"Binary code","score":0.4275999963283539},{"id":"https://openalex.org/keywords/binary-number","display_name":"Binary number","score":0.42179998755455017},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.41499999165534973},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.4056999981403351}],"concepts":[{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.8712999820709229},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7955999970436096},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.7953000068664551},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.7184000015258789},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5655999779701233},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4593000113964081},{"id":"https://openalex.org/C63435697","wikidata":"https://www.wikidata.org/wiki/Q864135","display_name":"Binary code","level":3,"score":0.4275999963283539},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.42179998755455017},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.41499999165534973},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.4056999981403351},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.40230000019073486},{"id":"https://openalex.org/C55526617","wikidata":"https://www.wikidata.org/wiki/Q719375","display_name":"Operand","level":2,"score":0.39590001106262207},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.39590001106262207},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.3912000060081482},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3855000138282776},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3758000135421753},{"id":"https://openalex.org/C91071405","wikidata":"https://www.wikidata.org/wiki/Q1413145","display_name":"Program slicing","level":3,"score":0.3499000072479248},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.3336000144481659},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.33059999346733093},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.32589998841285706},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3151000142097473},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.303600013256073},{"id":"https://openalex.org/C111498074","wikidata":"https://www.wikidata.org/wiki/Q173326","display_name":"Formal verification","level":2,"score":0.2971000075340271},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.295199990272522},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.2858999967575073},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.2831000089645386},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.2822999954223633},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.28200000524520874},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28049999475479126},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.2736000120639801},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.2614000141620636}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.18355","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.18355","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.18355","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.18355","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5797662734985352,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"In":[0,24],"the":[1,33,119,143,148,154,194],"ever-evolving":[2],"battle":[3],"against":[4],"malware,":[5],"binary":[6,98],"obfuscation":[7,29],"techniques":[8,49],"are":[9],"a":[10,108,139,172,224],"formidable":[11],"barrier":[12],"to":[13,137,161,215],"effective":[14,163],"analysis":[15],"by":[16,131,190,222],"both":[17],"human":[18],"security":[19],"analysts":[20],"and":[21,83,110,127,197,201,212,241],"automated":[22,39,47],"systems.":[23],"particular,":[25],"virtualization":[26],"or":[27],"VM-based":[28],"is":[30,81,125,147],"one":[31],"of":[32,44,121,142,193],"strongest":[34],"protection":[35],"mechanisms":[36],"that":[37,151,176],"evade":[38],"analysis.":[40,164],"Despite":[41],"widespread":[42],"use":[43],"virtualization,":[45],"existing":[46,97,122],"deobfuscation":[48],"suffer":[50],"from":[51,65,100,230],"three":[52],"major":[53],"drawbacks.":[54],"First,":[55],"they":[56,74,90],"only":[57],"work":[58],"on":[59,76,169,182],"execution":[60],"traces,":[61],"which":[62,80,95],"prevents":[63,96],"them":[64,214],"recovering":[66],"all":[67],"logic":[68],"in":[69,87],"an":[70],"obfuscated":[71],"binary.":[72],"Second,":[73],"depend":[75],"dynamic":[77],"symbolic":[78,135],"execution,":[79],"expensive":[82],"does":[84],"not":[85],"scale":[86],"practice.":[88],"Third,":[89],"cannot":[91],"generate":[92],"\"well-formed\"":[93],"code,":[94],"decompilers":[99],"generating":[101],"human-friendly":[102],"output.":[103],"This":[104],"paper":[105],"introduces":[106],"PUSHAN,":[107],"novel":[109],"generic":[111],"technique":[112],"for":[113],"deobfuscating":[114],"virtualization-obfuscated":[115],"binaries":[116],"while":[117],"overcoming":[118],"limitations":[120],"techniques.":[123],"PUSHAN":[124,166,181,203],"trace-free":[126],"avoids":[128],"path-constraint":[129],"accumulation":[130],"using":[132],"VPC-sensitive,":[133],"constraint-free":[134],"emulation":[136],"recover":[138],"complete":[140,210],"CFG":[141],"virtualized":[144],"function.":[145],"It":[146],"first":[149],"approach":[150],"also":[152],"decompiles":[153,213],"protected":[155,189],"code":[156,238],"into":[157],"high-quality":[158],"C":[159,216],"pseudocode":[160],"enable":[162],"Crucially,":[165],"circumvents":[167],"reliance":[168],"path":[170],"satisfiability,":[171],"known":[173],"NP-hard":[174],"problem":[175],"hampers":[177],"scalability.":[178],"We":[179,218],"evaluate":[180],"more":[183],"than":[184],"1,000":[185],"binaries,":[186,207],"including":[187],"targets":[188],"academic":[191],"state":[192],"art":[195],"(Tigress)":[196],"commercial-strength":[198],"obfuscators":[199],"VMProtect":[200],"Themida.":[202],"successfully":[204],"deobfuscates":[205],"these":[206],"retrieves":[208],"their":[209],"CFGs,":[211],"pseudocode.":[217],"further":[219],"demonstrate":[220],"applicability":[221],"analyzing":[223],"previously":[225],"unanalyzed":[226],"VMProtect-obfuscated":[227],"malware":[228],"sample":[229],"VirusTotal,":[231],"where":[232],"our":[233],"decompiled":[234],"output":[235],"enables":[236],"LLM-assisted":[237],"simplification,":[239],"reuse,":[240],"program":[242],"understanding.":[243]},"counts_by_year":[],"updated_date":"2026-03-21T06:36:02.116451","created_date":"2026-03-21T00:00:00"}