Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware beh...
Ausführliche Beschreibung
Autor*in: |
Pham, Duy-Phuc [verfasserIn] Vu, Duc-Ly [verfasserIn] Massacci, Fabio [verfasserIn] |
---|
Format: |
E-Artikel |
---|---|
Sprache: |
Englisch |
Erschienen: |
2019 |
---|
Schlagwörter: |
---|
Übergeordnetes Werk: |
Enthalten in: Journal in computer virology - Berlin : Springer, 2005, 15(2019), 4 vom: 20. Juni, Seite 249-257 |
---|---|
Übergeordnetes Werk: |
volume:15 ; year:2019 ; number:4 ; day:20 ; month:06 ; pages:249-257 |
Links: |
---|
DOI / URN: |
10.1007/s11416-019-00335-w |
---|
Katalog-ID: |
SPR01905842X |
---|
LEADER | 01000caa a22002652 4500 | ||
---|---|---|---|
001 | SPR01905842X | ||
003 | DE-627 | ||
005 | 20220111064519.0 | ||
007 | cr uuu---uuuuu | ||
008 | 201006s2019 xx |||||o 00| ||eng c | ||
024 | 7 | |a 10.1007/s11416-019-00335-w |2 doi | |
035 | |a (DE-627)SPR01905842X | ||
035 | |a (SPR)s11416-019-00335-w-e | ||
040 | |a DE-627 |b ger |c DE-627 |e rakwb | ||
041 | |a eng | ||
082 | 0 | 4 | |a 004 |q ASE |
084 | |a 54.38 |2 bkl | ||
100 | 1 | |a Pham, Duy-Phuc |e verfasserin |4 aut | |
245 | 1 | 0 | |a Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques |
264 | 1 | |c 2019 | |
336 | |a Text |b txt |2 rdacontent | ||
337 | |a Computermedien |b c |2 rdamedia | ||
338 | |a Online-Ressource |b cr |2 rdacarrier | ||
520 | |a Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. | ||
650 | 4 | |a Malware analysis |7 (dpeaa)DE-He213 | |
650 | 4 | |a Static analysis |7 (dpeaa)DE-He213 | |
650 | 4 | |a Dynamic analysis |7 (dpeaa)DE-He213 | |
650 | 4 | |a Malware detection |7 (dpeaa)DE-He213 | |
650 | 4 | |a MacOS |7 (dpeaa)DE-He213 | |
650 | 4 | |a APT malware |7 (dpeaa)DE-He213 | |
700 | 1 | |a Vu, Duc-Ly |e verfasserin |4 aut | |
700 | 1 | |a Massacci, Fabio |e verfasserin |4 aut | |
773 | 0 | 8 | |i Enthalten in |t Journal in computer virology |d Berlin : Springer, 2005 |g 15(2019), 4 vom: 20. Juni, Seite 249-257 |w (DE-627)50371626X |w (DE-600)2210973-0 |x 1772-9904 |7 nnns |
773 | 1 | 8 | |g volume:15 |g year:2019 |g number:4 |g day:20 |g month:06 |g pages:249-257 |
856 | 4 | 0 | |u https://dx.doi.org/10.1007/s11416-019-00335-w |z kostenfrei |3 Volltext |
912 | |a GBV_USEFLAG_A | ||
912 | |a SYSFLAG_A | ||
912 | |a GBV_SPRINGER | ||
912 | |a GBV_ILN_20 | ||
912 | |a GBV_ILN_22 | ||
912 | |a GBV_ILN_23 | ||
912 | |a GBV_ILN_24 | ||
912 | |a GBV_ILN_31 | ||
912 | |a GBV_ILN_39 | ||
912 | |a GBV_ILN_40 | ||
912 | |a GBV_ILN_60 | ||
912 | |a GBV_ILN_62 | ||
912 | |a GBV_ILN_65 | ||
912 | |a GBV_ILN_69 | ||
912 | |a GBV_ILN_70 | ||
912 | |a GBV_ILN_73 | ||
912 | |a GBV_ILN_74 | ||
912 | |a GBV_ILN_90 | ||
912 | |a GBV_ILN_95 | ||
912 | |a GBV_ILN_100 | ||
912 | |a GBV_ILN_101 | ||
912 | |a GBV_ILN_105 | ||
912 | |a GBV_ILN_120 | ||
912 | |a GBV_ILN_152 | ||
912 | |a GBV_ILN_161 | ||
912 | |a GBV_ILN_171 | ||
912 | |a GBV_ILN_187 | ||
912 | |a GBV_ILN_224 | ||
912 | |a GBV_ILN_250 | ||
912 | |a GBV_ILN_281 | ||
912 | |a GBV_ILN_285 | ||
912 | |a GBV_ILN_293 | ||
912 | |a GBV_ILN_370 | ||
912 | |a GBV_ILN_602 | ||
912 | |a GBV_ILN_702 | ||
912 | |a GBV_ILN_2003 | ||
912 | |a GBV_ILN_2005 | ||
912 | |a GBV_ILN_2007 | ||
912 | |a GBV_ILN_2014 | ||
912 | |a GBV_ILN_2025 | ||
912 | |a GBV_ILN_2026 | ||
912 | |a GBV_ILN_2034 | ||
912 | |a GBV_ILN_2044 | ||
912 | |a GBV_ILN_2059 | ||
912 | |a GBV_ILN_2106 | ||
912 | |a GBV_ILN_2111 | ||
912 | |a GBV_ILN_2119 | ||
912 | |a GBV_ILN_2129 | ||
912 | |a GBV_ILN_2147 | ||
912 | |a GBV_ILN_2148 | ||
912 | |a GBV_ILN_2153 | ||
912 | |a GBV_ILN_2190 | ||
936 | b | k | |a 54.38 |q ASE |
951 | |a AR | ||
952 | |d 15 |j 2019 |e 4 |b 20 |c 06 |h 249-257 |
author_variant |
d p p dpp d l v dlv f m fm |
---|---|
matchkey_str |
article:17729904:2019----::aaamcsawraayifaeokeitntat |
hierarchy_sort_str |
2019 |
bklnumber |
54.38 |
publishDate |
2019 |
allfields |
10.1007/s11416-019-00335-w doi (DE-627)SPR01905842X (SPR)s11416-019-00335-w-e DE-627 ger DE-627 rakwb eng 004 ASE 54.38 bkl Pham, Duy-Phuc verfasserin aut Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques 2019 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 Vu, Duc-Ly verfasserin aut Massacci, Fabio verfasserin aut Enthalten in Journal in computer virology Berlin : Springer, 2005 15(2019), 4 vom: 20. Juni, Seite 249-257 (DE-627)50371626X (DE-600)2210973-0 1772-9904 nnns volume:15 year:2019 number:4 day:20 month:06 pages:249-257 https://dx.doi.org/10.1007/s11416-019-00335-w kostenfrei Volltext GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 54.38 ASE AR 15 2019 4 20 06 249-257 |
spelling |
10.1007/s11416-019-00335-w doi (DE-627)SPR01905842X (SPR)s11416-019-00335-w-e DE-627 ger DE-627 rakwb eng 004 ASE 54.38 bkl Pham, Duy-Phuc verfasserin aut Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques 2019 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 Vu, Duc-Ly verfasserin aut Massacci, Fabio verfasserin aut Enthalten in Journal in computer virology Berlin : Springer, 2005 15(2019), 4 vom: 20. Juni, Seite 249-257 (DE-627)50371626X (DE-600)2210973-0 1772-9904 nnns volume:15 year:2019 number:4 day:20 month:06 pages:249-257 https://dx.doi.org/10.1007/s11416-019-00335-w kostenfrei Volltext GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 54.38 ASE AR 15 2019 4 20 06 249-257 |
allfields_unstemmed |
10.1007/s11416-019-00335-w doi (DE-627)SPR01905842X (SPR)s11416-019-00335-w-e DE-627 ger DE-627 rakwb eng 004 ASE 54.38 bkl Pham, Duy-Phuc verfasserin aut Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques 2019 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 Vu, Duc-Ly verfasserin aut Massacci, Fabio verfasserin aut Enthalten in Journal in computer virology Berlin : Springer, 2005 15(2019), 4 vom: 20. Juni, Seite 249-257 (DE-627)50371626X (DE-600)2210973-0 1772-9904 nnns volume:15 year:2019 number:4 day:20 month:06 pages:249-257 https://dx.doi.org/10.1007/s11416-019-00335-w kostenfrei Volltext GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 54.38 ASE AR 15 2019 4 20 06 249-257 |
allfieldsGer |
10.1007/s11416-019-00335-w doi (DE-627)SPR01905842X (SPR)s11416-019-00335-w-e DE-627 ger DE-627 rakwb eng 004 ASE 54.38 bkl Pham, Duy-Phuc verfasserin aut Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques 2019 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 Vu, Duc-Ly verfasserin aut Massacci, Fabio verfasserin aut Enthalten in Journal in computer virology Berlin : Springer, 2005 15(2019), 4 vom: 20. Juni, Seite 249-257 (DE-627)50371626X (DE-600)2210973-0 1772-9904 nnns volume:15 year:2019 number:4 day:20 month:06 pages:249-257 https://dx.doi.org/10.1007/s11416-019-00335-w kostenfrei Volltext GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 54.38 ASE AR 15 2019 4 20 06 249-257 |
allfieldsSound |
10.1007/s11416-019-00335-w doi (DE-627)SPR01905842X (SPR)s11416-019-00335-w-e DE-627 ger DE-627 rakwb eng 004 ASE 54.38 bkl Pham, Duy-Phuc verfasserin aut Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques 2019 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 Vu, Duc-Ly verfasserin aut Massacci, Fabio verfasserin aut Enthalten in Journal in computer virology Berlin : Springer, 2005 15(2019), 4 vom: 20. Juni, Seite 249-257 (DE-627)50371626X (DE-600)2210973-0 1772-9904 nnns volume:15 year:2019 number:4 day:20 month:06 pages:249-257 https://dx.doi.org/10.1007/s11416-019-00335-w kostenfrei Volltext GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 54.38 ASE AR 15 2019 4 20 06 249-257 |
language |
English |
source |
Enthalten in Journal in computer virology 15(2019), 4 vom: 20. Juni, Seite 249-257 volume:15 year:2019 number:4 day:20 month:06 pages:249-257 |
sourceStr |
Enthalten in Journal in computer virology 15(2019), 4 vom: 20. Juni, Seite 249-257 volume:15 year:2019 number:4 day:20 month:06 pages:249-257 |
format_phy_str_mv |
Article |
institution |
findex.gbv.de |
topic_facet |
Malware analysis Static analysis Dynamic analysis Malware detection MacOS APT malware |
dewey-raw |
004 |
isfreeaccess_bool |
true |
container_title |
Journal in computer virology |
authorswithroles_txt_mv |
Pham, Duy-Phuc @@aut@@ Vu, Duc-Ly @@aut@@ Massacci, Fabio @@aut@@ |
publishDateDaySort_date |
2019-06-20T00:00:00Z |
hierarchy_top_id |
50371626X |
dewey-sort |
14 |
id |
SPR01905842X |
language_de |
englisch |
fullrecord |
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000caa a22002652 4500</leader><controlfield tag="001">SPR01905842X</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20220111064519.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">201006s2019 xx |||||o 00| ||eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.1007/s11416-019-00335-w</subfield><subfield code="2">doi</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)SPR01905842X</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(SPR)s11416-019-00335-w-e</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2="4"><subfield code="a">004</subfield><subfield code="q">ASE</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">54.38</subfield><subfield code="2">bkl</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Pham, Duy-Phuc</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2019</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Malware analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Static analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Dynamic analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Malware detection</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">MacOS</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">APT malware</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Vu, Duc-Ly</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Massacci, Fabio</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">Enthalten in</subfield><subfield code="t">Journal in computer virology</subfield><subfield code="d">Berlin : Springer, 2005</subfield><subfield code="g">15(2019), 4 vom: 20. Juni, Seite 249-257</subfield><subfield code="w">(DE-627)50371626X</subfield><subfield code="w">(DE-600)2210973-0</subfield><subfield code="x">1772-9904</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:15</subfield><subfield code="g">year:2019</subfield><subfield code="g">number:4</subfield><subfield code="g">day:20</subfield><subfield code="g">month:06</subfield><subfield code="g">pages:249-257</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://dx.doi.org/10.1007/s11416-019-00335-w</subfield><subfield code="z">kostenfrei</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_SPRINGER</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_20</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_22</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_23</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_24</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_31</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_39</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_40</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_60</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_62</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_65</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_69</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_73</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_74</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_90</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_95</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_100</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_101</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_105</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_120</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_152</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_161</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_171</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_187</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_224</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_250</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_281</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_285</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_293</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_370</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_602</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_702</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2003</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2005</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2007</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2014</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2025</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2026</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2034</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2044</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2059</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2106</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2111</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2119</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2129</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2147</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2148</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2153</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2190</subfield></datafield><datafield tag="936" ind1="b" ind2="k"><subfield code="a">54.38</subfield><subfield code="q">ASE</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">15</subfield><subfield code="j">2019</subfield><subfield code="e">4</subfield><subfield code="b">20</subfield><subfield code="c">06</subfield><subfield code="h">249-257</subfield></datafield></record></collection>
|
author |
Pham, Duy-Phuc |
spellingShingle |
Pham, Duy-Phuc ddc 004 bkl 54.38 misc Malware analysis misc Static analysis misc Dynamic analysis misc Malware detection misc MacOS misc APT malware Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques |
authorStr |
Pham, Duy-Phuc |
ppnlink_with_tag_str_mv |
@@773@@(DE-627)50371626X |
format |
electronic Article |
dewey-ones |
004 - Data processing & computer science |
delete_txt_mv |
keep |
author_role |
aut aut aut |
collection |
springer |
remote_str |
true |
illustrated |
Not Illustrated |
issn |
1772-9904 |
topic_title |
004 ASE 54.38 bkl Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques Malware analysis (dpeaa)DE-He213 Static analysis (dpeaa)DE-He213 Dynamic analysis (dpeaa)DE-He213 Malware detection (dpeaa)DE-He213 MacOS (dpeaa)DE-He213 APT malware (dpeaa)DE-He213 |
topic |
ddc 004 bkl 54.38 misc Malware analysis misc Static analysis misc Dynamic analysis misc Malware detection misc MacOS misc APT malware |
topic_unstemmed |
ddc 004 bkl 54.38 misc Malware analysis misc Static analysis misc Dynamic analysis misc Malware detection misc MacOS misc APT malware |
topic_browse |
ddc 004 bkl 54.38 misc Malware analysis misc Static analysis misc Dynamic analysis misc Malware detection misc MacOS misc APT malware |
format_facet |
Elektronische Aufsätze Aufsätze Elektronische Ressource |
format_main_str_mv |
Text Zeitschrift/Artikel |
carriertype_str_mv |
cr |
hierarchy_parent_title |
Journal in computer virology |
hierarchy_parent_id |
50371626X |
dewey-tens |
000 - Computer science, knowledge & systems |
hierarchy_top_title |
Journal in computer virology |
isfreeaccess_txt |
true |
familylinks_str_mv |
(DE-627)50371626X (DE-600)2210973-0 |
title |
Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques |
ctrlnum |
(DE-627)SPR01905842X (SPR)s11416-019-00335-w-e |
title_full |
Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques |
author_sort |
Pham, Duy-Phuc |
journal |
Journal in computer virology |
journalStr |
Journal in computer virology |
lang_code |
eng |
isOA_bool |
true |
dewey-hundreds |
000 - Computer science, information & general works |
recordtype |
marc |
publishDateSort |
2019 |
contenttype_str_mv |
txt |
container_start_page |
249 |
author_browse |
Pham, Duy-Phuc Vu, Duc-Ly Massacci, Fabio |
container_volume |
15 |
class |
004 ASE 54.38 bkl |
format_se |
Elektronische Aufsätze |
author-letter |
Pham, Duy-Phuc |
doi_str_mv |
10.1007/s11416-019-00335-w |
dewey-full |
004 |
author2-role |
verfasserin |
title_sort |
mac-a-mal: macos malware analysis framework resistant to anti evasion techniques |
title_auth |
Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques |
abstract |
Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. |
abstractGer |
Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. |
abstract_unstemmed |
Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus. |
collection_details |
GBV_USEFLAG_A SYSFLAG_A GBV_SPRINGER GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_74 GBV_ILN_90 GBV_ILN_95 GBV_ILN_100 GBV_ILN_101 GBV_ILN_105 GBV_ILN_120 GBV_ILN_152 GBV_ILN_161 GBV_ILN_171 GBV_ILN_187 GBV_ILN_224 GBV_ILN_250 GBV_ILN_281 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_702 GBV_ILN_2003 GBV_ILN_2005 GBV_ILN_2007 GBV_ILN_2014 GBV_ILN_2025 GBV_ILN_2026 GBV_ILN_2034 GBV_ILN_2044 GBV_ILN_2059 GBV_ILN_2106 GBV_ILN_2111 GBV_ILN_2119 GBV_ILN_2129 GBV_ILN_2147 GBV_ILN_2148 GBV_ILN_2153 GBV_ILN_2190 |
container_issue |
4 |
title_short |
Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques |
url |
https://dx.doi.org/10.1007/s11416-019-00335-w |
remote_bool |
true |
author2 |
Vu, Duc-Ly Massacci, Fabio |
author2Str |
Vu, Duc-Ly Massacci, Fabio |
ppnlink |
50371626X |
mediatype_str_mv |
c |
isOA_txt |
true |
hochschulschrift_bool |
false |
doi_str |
10.1007/s11416-019-00335-w |
up_date |
2024-07-03T23:57:16.305Z |
_version_ |
1803604235447697408 |
fullrecord_marcxml |
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000caa a22002652 4500</leader><controlfield tag="001">SPR01905842X</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20220111064519.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">201006s2019 xx |||||o 00| ||eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.1007/s11416-019-00335-w</subfield><subfield code="2">doi</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)SPR01905842X</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(SPR)s11416-019-00335-w-e</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2="4"><subfield code="a">004</subfield><subfield code="q">ASE</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">54.38</subfield><subfield code="2">bkl</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Pham, Duy-Phuc</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2019</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Abstract With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes. Performance benchmarks show that our system is comparable with professional tools and able to withstand VM detection. By using Mac-A-Mal, we discovered 71 unknown adware samples (8 of them using valid distribution certificates), 2 keyloggers, and 1 previously unseen trojan involved in the APT32 OceanLotus.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Malware analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Static analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Dynamic analysis</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Malware detection</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">MacOS</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">APT malware</subfield><subfield code="7">(dpeaa)DE-He213</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Vu, Duc-Ly</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Massacci, Fabio</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">Enthalten in</subfield><subfield code="t">Journal in computer virology</subfield><subfield code="d">Berlin : Springer, 2005</subfield><subfield code="g">15(2019), 4 vom: 20. Juni, Seite 249-257</subfield><subfield code="w">(DE-627)50371626X</subfield><subfield code="w">(DE-600)2210973-0</subfield><subfield code="x">1772-9904</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:15</subfield><subfield code="g">year:2019</subfield><subfield code="g">number:4</subfield><subfield code="g">day:20</subfield><subfield code="g">month:06</subfield><subfield code="g">pages:249-257</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://dx.doi.org/10.1007/s11416-019-00335-w</subfield><subfield code="z">kostenfrei</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_SPRINGER</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_20</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_22</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_23</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_24</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_31</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_39</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_40</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_60</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_62</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_65</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_69</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_73</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_74</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_90</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_95</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_100</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_101</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_105</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_120</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_152</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_161</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_171</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_187</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_224</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_250</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_281</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_285</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_293</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_370</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_602</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_702</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2003</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2005</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2007</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2014</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2025</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2026</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2034</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2044</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2059</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2106</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2111</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2119</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2129</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2147</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2148</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2153</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2190</subfield></datafield><datafield tag="936" ind1="b" ind2="k"><subfield code="a">54.38</subfield><subfield code="q">ASE</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">15</subfield><subfield code="j">2019</subfield><subfield code="e">4</subfield><subfield code="b">20</subfield><subfield code="c">06</subfield><subfield code="h">249-257</subfield></datafield></record></collection>
|
score |
7.399047 |