Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques

Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware beh...
Ausführliche Beschreibung

Gespeichert in:

Autor*in:	Pham, Duy-Phuc [verfasserIn] Vu, Duc-Ly [verfasserIn] Massacci, Fabio [verfasserIn]

Format:	E-Artikel
Sprache:	Englisch

Erschienen:	2019

Schlagwörter:	Malware analysis Static analysis Dynamic analysis Malware detection MacOS APT malware

Übergeordnetes Werk:	Enthalten in: Journal in computer virology - Berlin : Springer, 2005, 15(2019), 4 vom: 20. Juni, Seite 249-257
Übergeordnetes Werk:	volume:15 ; year:2019 ; number:4 ; day:20 ; month:06 ; pages:249-257

Links:	Volltext

DOI / URN:	10.1007/s11416-019-00335-w

Katalog-ID:	SPR01905842X

Internformat


LEADER	01000caa a22002652 4500
001	SPR01905842X
003	DE-627
005	20220111064519.0
007	cr uuu---uuuuu
008	201006s2019 xx \|\|\|\|\|o 00\| \|\|eng c
024	7		\|a 10.1007/s11416-019-00335-w \|2 doi
035			\|a (DE-627)SPR01905842X
035			\|a (SPR)s11416-019-00335-w-e
040			\|a DE-627 \|b ger \|c DE-627 \|e rakwb
041			\|a eng
082	0	4	\|a 004 \|q ASE
084			\|a 54.38 \|2 bkl
100	1		\|a Pham, Duy-Phuc \|e verfasserin \|4 aut
245	1	0	\|a Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
264		1	\|c 2019
336			\|a Text \|b txt \|2 rdacontent
337			\|a Computermedien \|b c \|2 rdamedia
338			\|a Online-Ressource \|b cr \|2 rdacarrier
520			\|a Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus.
650		4	\|a Malware analysis \|7 (dpeaa)DE-He213
650		4	\|a Static analysis \|7 (dpeaa)DE-He213
650		4	\|a Dynamic analysis \|7 (dpeaa)DE-He213
650		4	\|a Malware detection \|7 (dpeaa)DE-He213
650		4	\|a MacOS \|7 (dpeaa)DE-He213
650		4	\|a APT malware \|7 (dpeaa)DE-He213
700	1		\|a Vu, Duc-Ly \|e verfasserin \|4 aut
700	1		\|a Massacci, Fabio \|e verfasserin \|4 aut
773	0	8	\|i Enthalten in \|t Journal in computer virology \|d Berlin : Springer, 2005 \|g 15(2019), 4 vom: 20. Juni, Seite 249-257 \|w (DE-627)50371626X \|w (DE-600)2210973-0 \|x 1772-9904 \|7 nnns
773	1	8	\|g volume:15 \|g year:2019 \|g number:4 \|g day:20 \|g month:06 \|g pages:249-257
856	4	0	\|u https://dx.doi.org/10.1007/s11416-019-00335-w \|z kostenfrei \|3 Volltext
912			\|a GBV_USEFLAG_A
912			\|a SYSFLAG_A
912			\|a GBV_SPRINGER
912			\|a GBV_ILN_20
912			\|a GBV_ILN_22
912			\|a GBV_ILN_23
912			\|a GBV_ILN_24
912			\|a GBV_ILN_31
912			\|a GBV_ILN_39
912			\|a GBV_ILN_40
912			\|a GBV_ILN_60
912			\|a GBV_ILN_62
912			\|a GBV_ILN_65
912			\|a GBV_ILN_69
912			\|a GBV_ILN_70
912			\|a GBV_ILN_73
912			\|a GBV_ILN_74
912			\|a GBV_ILN_90
912			\|a GBV_ILN_95
912			\|a GBV_ILN_100
912			\|a GBV_ILN_101
912			\|a GBV_ILN_105
912			\|a GBV_ILN_120
912			\|a GBV_ILN_152
912			\|a GBV_ILN_161
912			\|a GBV_ILN_171
912			\|a GBV_ILN_187
912			\|a GBV_ILN_224
912			\|a GBV_ILN_250
912			\|a GBV_ILN_281
912			\|a GBV_ILN_285
912			\|a GBV_ILN_293
912			\|a GBV_ILN_370
912			\|a GBV_ILN_602
912			\|a GBV_ILN_702
912			\|a GBV_ILN_2003
912			\|a GBV_ILN_2005
912			\|a GBV_ILN_2007
912			\|a GBV_ILN_2014
912			\|a GBV_ILN_2025
912			\|a GBV_ILN_2026
912			\|a GBV_ILN_2034
912			\|a GBV_ILN_2044
912			\|a GBV_ILN_2059
912			\|a GBV_ILN_2106
912			\|a GBV_ILN_2111
912			\|a GBV_ILN_2119
912			\|a GBV_ILN_2129
912			\|a GBV_ILN_2147
912			\|a GBV_ILN_2148
912			\|a GBV_ILN_2153
912			\|a GBV_ILN_2190
936	b	k	\|a 54.38 \|q ASE
951			\|a AR
952			\|d 15 \|j 2019 \|e 4 \|b 20 \|c 06 \|h 249-257

Indexfelder

author_variant	d p p dpp d l v dlv f m fm
matchkey_str	article:17729904:2019----::aaamcsawraayifaeokeitntat
hierarchy_sort_str	2019
bklnumber	54.38
publishDate	2019
allfields	10.1007/s11416-019-00335-w doi (DE-627)SPR01905842X (SPR)s11416-019-00335-w-e DE-627 ger DE-627 rakwb eng 004 ASE 54.38 bkl Pham, Duy-Phuc verfasserin aut Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques 2019 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 Vu, Duc-Ly verfasserin aut Massacci, Fabio verfasserin aut Enthalten in Journal in computer virology Berlin : Springer, 2005 15(2019), 4 vom: 20. Juni, Seite 249-257 (DE-627)50371626X (DE-600)2210973-0 1772-9904 nnns volume:15 year:2019 number:4 day:20 month:06 pages:249-257 https://dx.doi.org/10.1007/s11416-019-00335-w kostenfrei Volltext GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 54.38 ASE AR 15 2019 4 20 06 249-257
spelling	10.1007/s11416-019-00335-w doi (DE-627)SPR01905842X (SPR)s11416-019-00335-w-e DE-627 ger DE-627 rakwb eng 004 ASE 54.38 bkl Pham, Duy-Phuc verfasserin aut Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques 2019 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 Vu, Duc-Ly verfasserin aut Massacci, Fabio verfasserin aut Enthalten in Journal in computer virology Berlin : Springer, 2005 15(2019), 4 vom: 20. Juni, Seite 249-257 (DE-627)50371626X (DE-600)2210973-0 1772-9904 nnns volume:15 year:2019 number:4 day:20 month:06 pages:249-257 https://dx.doi.org/10.1007/s11416-019-00335-w kostenfrei Volltext GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 54.38 ASE AR 15 2019 4 20 06 249-257
allfields_unstemmed	10.1007/s11416-019-00335-w doi (DE-627)SPR01905842X (SPR)s11416-019-00335-w-e DE-627 ger DE-627 rakwb eng 004 ASE 54.38 bkl Pham, Duy-Phuc verfasserin aut Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques 2019 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 Vu, Duc-Ly verfasserin aut Massacci, Fabio verfasserin aut Enthalten in Journal in computer virology Berlin : Springer, 2005 15(2019), 4 vom: 20. Juni, Seite 249-257 (DE-627)50371626X (DE-600)2210973-0 1772-9904 nnns volume:15 year:2019 number:4 day:20 month:06 pages:249-257 https://dx.doi.org/10.1007/s11416-019-00335-w kostenfrei Volltext GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 54.38 ASE AR 15 2019 4 20 06 249-257
allfieldsGer	10.1007/s11416-019-00335-w doi (DE-627)SPR01905842X (SPR)s11416-019-00335-w-e DE-627 ger DE-627 rakwb eng 004 ASE 54.38 bkl Pham, Duy-Phuc verfasserin aut Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques 2019 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 Vu, Duc-Ly verfasserin aut Massacci, Fabio verfasserin aut Enthalten in Journal in computer virology Berlin : Springer, 2005 15(2019), 4 vom: 20. Juni, Seite 249-257 (DE-627)50371626X (DE-600)2210973-0 1772-9904 nnns volume:15 year:2019 number:4 day:20 month:06 pages:249-257 https://dx.doi.org/10.1007/s11416-019-00335-w kostenfrei Volltext GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 54.38 ASE AR 15 2019 4 20 06 249-257
allfieldsSound	10.1007/s11416-019-00335-w doi (DE-627)SPR01905842X (SPR)s11416-019-00335-w-e DE-627 ger DE-627 rakwb eng 004 ASE 54.38 bkl Pham, Duy-Phuc verfasserin aut Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques 2019 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 Vu, Duc-Ly verfasserin aut Massacci, Fabio verfasserin aut Enthalten in Journal in computer virology Berlin : Springer, 2005 15(2019), 4 vom: 20. Juni, Seite 249-257 (DE-627)50371626X (DE-600)2210973-0 1772-9904 nnns volume:15 year:2019 number:4 day:20 month:06 pages:249-257 https://dx.doi.org/10.1007/s11416-019-00335-w kostenfrei Volltext GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 54.38 ASE AR 15 2019 4 20 06 249-257
language	English
source	Enthalten in Journal in computer virology 15(2019), 4 vom: 20. Juni, Seite 249-257 volume:15 year:2019 number:4 day:20 month:06 pages:249-257
sourceStr	Enthalten in Journal in computer virology 15(2019), 4 vom: 20. Juni, Seite 249-257 volume:15 year:2019 number:4 day:20 month:06 pages:249-257
format_phy_str_mv	Article
institution	findex.gbv.de
topic_facet	Malware analysis Static analysis Dynamic analysis Malware detection MacOS APT malware
dewey-raw	004
isfreeaccess_bool	true
container_title	Journal in computer virology
authorswithroles_txt_mv	Pham, Duy-Phuc @@aut@@ Vu, Duc-Ly @@aut@@ Massacci, Fabio @@aut@@
publishDateDaySort_date	2019-06-20T00:00:00Z
hierarchy_top_id	50371626X
dewey-sort	14
id	SPR01905842X
language_de	englisch
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000caa a22002652 4500</leader><controlfield tag="001">SPR01905842X</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20220111064519.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">201006s2019 xx \|\|\|\|\|o 00\| \|\|eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.1007/s11416-019-00335-w</subfield><subfield code="2">doi</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)SPR01905842X</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(SPR)s11416-019-00335-w-e</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2="4"><subfield code="a">004</subfield><subfield code="q">ASE</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">54.38</subfield><subfield code="2">bkl</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Pham, Duy-Phuc</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2019</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Malware analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Static analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Dynamic analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Malware detection</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">MacOS</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">APT malware</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Vu, Duc-Ly</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Massacci, Fabio</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">Enthalten in</subfield><subfield code="t">Journal in computer virology</subfield><subfield code="d">Berlin : Springer, 2005</subfield><subfield code="g">15(2019), 4 vom: 20. Juni, Seite 249-257</subfield><subfield code="w">(DE-627)50371626X</subfield><subfield code="w">(DE-600)2210973-0</subfield><subfield code="x">1772-9904</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:15</subfield><subfield code="g">year:2019</subfield><subfield code="g">number:4</subfield><subfield code="g">day:20</subfield><subfield code="g">month:06</subfield><subfield code="g">pages:249-257</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://dx.doi.org/10.1007/s11416-019-00335-w</subfield><subfield code="z">kostenfrei</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_SPRINGER</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_20</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_22</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_23</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_24</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_31</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_39</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_40</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_60</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_62</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_65</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_69</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_73</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_74</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_90</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_95</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_100</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_101</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_105</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_120</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_152</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_161</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_171</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_187</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_224</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_250</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_281</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_285</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_293</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_370</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_602</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_702</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2003</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2005</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2007</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2014</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2025</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2026</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2034</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2044</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2059</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2106</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2111</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2119</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2129</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2147</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2148</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2153</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2190</subfield></datafield><datafield tag="936" ind1="b" ind2="k"><subfield code="a">54.38</subfield><subfield code="q">ASE</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">15</subfield><subfield code="j">2019</subfield><subfield code="e">4</subfield><subfield code="b">20</subfield><subfield code="c">06</subfield><subfield code="h">249-257</subfield></datafield></record></collection>
author	Pham, Duy-Phuc
spellingShingle	Pham, Duy-Phuc ddc 004 bkl 54.38 misc Malware analysis misc Static analysis misc Dynamic analysis misc Malware detection misc MacOS misc APT malware Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
authorStr	Pham, Duy-Phuc
ppnlink_with_tag_str_mv	@@773@@(DE-627)50371626X
format	electronic Article
dewey-ones	004 - Data processing & computer science
delete_txt_mv	keep
author_role	aut aut aut
collection	springer
remote_str	true
illustrated	Not Illustrated
issn	1772-9904
topic_title	004 ASE 54.38 bkl Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213
topic	ddc 004 bkl 54.38 misc Malware analysis misc Static analysis misc Dynamic analysis misc Malware detection misc MacOS misc APT malware
topic_unstemmed	ddc 004 bkl 54.38 misc Malware analysis misc Static analysis misc Dynamic analysis misc Malware detection misc MacOS misc APT malware
topic_browse	ddc 004 bkl 54.38 misc Malware analysis misc Static analysis misc Dynamic analysis misc Malware detection misc MacOS misc APT malware
format_facet	Elektronische Aufsätze Aufsätze Elektronische Ressource
format_main_str_mv	Text Zeitschrift/Artikel
carriertype_str_mv	cr
hierarchy_parent_title	Journal in computer virology
hierarchy_parent_id	50371626X
dewey-tens	000 - Computer science, knowledge & systems
hierarchy_top_title	Journal in computer virology
isfreeaccess_txt	true
familylinks_str_mv	(DE-627)50371626X (DE-600)2210973-0
title	Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
ctrlnum	(DE-627)SPR01905842X (SPR)s11416-019-00335-w-e
title_full	Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
author_sort	Pham, Duy-Phuc
journal	Journal in computer virology
journalStr	Journal in computer virology
lang_code	eng
isOA_bool	true
dewey-hundreds	000 - Computer science, information & general works
recordtype	marc
publishDateSort	2019
contenttype_str_mv	txt
container_start_page	249
author_browse	Pham, Duy-Phuc Vu, Duc-Ly Massacci, Fabio
container_volume	15
class	004 ASE 54.38 bkl
format_se	Elektronische Aufsätze
author-letter	Pham, Duy-Phuc
doi_str_mv	10.1007/s11416-019-00335-w
dewey-full	004
author2-role	verfasserin
title_sort	mac-a-mal: macos malware analysis framework resistant to anti evasion techniques
title_auth	Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
abstract	Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus.
abstractGer	Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus.
abstract_unstemmed	Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus.
collection_details	GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190
container_issue	4
title_short	Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
url	https://dx.doi.org/10.1007/s11416-019-00335-w
remote_bool	true
author2	Vu, Duc-Ly Massacci, Fabio
author2Str	Vu, Duc-Ly Massacci, Fabio
ppnlink	50371626X
mediatype_str_mv	c
isOA_txt	true
hochschulschrift_bool	false
doi_str	10.1007/s11416-019-00335-w
up_date	2024-07-03T23:57:16.305Z
_version_	1803604235447697408
fullrecord_marcxml	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000caa a22002652 4500</leader><controlfield tag="001">SPR01905842X</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20220111064519.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">201006s2019 xx \|\|\|\|\|o 00\| \|\|eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.1007/s11416-019-00335-w</subfield><subfield code="2">doi</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)SPR01905842X</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(SPR)s11416-019-00335-w-e</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2="4"><subfield code="a">004</subfield><subfield code="q">ASE</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">54.38</subfield><subfield code="2">bkl</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Pham, Duy-Phuc</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2019</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Malware analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Static analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Dynamic analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Malware detection</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">MacOS</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">APT malware</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Vu, Duc-Ly</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Massacci, Fabio</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">Enthalten in</subfield><subfield code="t">Journal in computer virology</subfield><subfield code="d">Berlin : Springer, 2005</subfield><subfield code="g">15(2019), 4 vom: 20. Juni, Seite 249-257</subfield><subfield code="w">(DE-627)50371626X</subfield><subfield code="w">(DE-600)2210973-0</subfield><subfield code="x">1772-9904</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:15</subfield><subfield code="g">year:2019</subfield><subfield code="g">number:4</subfield><subfield code="g">day:20</subfield><subfield code="g">month:06</subfield><subfield code="g">pages:249-257</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://dx.doi.org/10.1007/s11416-019-00335-w</subfield><subfield code="z">kostenfrei</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_SPRINGER</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_20</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_22</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_23</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_24</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_31</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_39</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_40</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_60</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_62</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_65</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_69</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_73</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_74</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_90</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_95</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_100</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_101</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_105</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_120</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_152</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_161</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_171</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_187</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_224</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_250</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_281</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_285</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_293</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_370</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_602</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_702</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2003</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2005</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2007</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2014</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2025</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2026</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2034</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2044</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2059</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2106</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2111</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2119</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2129</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2147</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2148</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2153</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2190</subfield></datafield><datafield tag="936" ind1="b" ind2="k"><subfield code="a">54.38</subfield><subfield code="q">ASE</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">15</subfield><subfield code="j">2019</subfield><subfield code="e">4</subfield><subfield code="b">20</subfield><subfield code="c">06</subfield><subfield code="h">249-257</subfield></datafield></record></collection>
score	7.399047

Nicht das Richtige dabei?

Schreiben Sie uns!

Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques

Nicht das Richtige dabei?

Zugang & Verfügbarkeit

Vorhandene Bände

Nicht das Richtige dabei?