Identifying Malicious Code Through Reverse Engineering
Advances in Information Security
Sushil Jajodia
Consulting Editor
Center for Secure Information Systems
George Mason University
Fairfax, VA 22030-4444
email: jajodia@gmu.edu
The goals of the Springer International Series on ADVANCES IN INFORMATION
SECURITY are, one, to establish the state of the art of, and set the course for future research
in information security and, two, to serve as a central reference source for advanced and
timely topics in information security research and development. The scope of this series
includes all aspects of computer and network security and related areas such as fault tolerance
and software assurance.
ADVANCES IN INFORMATION SECURITY aims to publish thorough and cohesive
overviews of specific topics in information security, as well as works that are larger in scope
or that contain more detailed background information than can be accommodated in shorter
survey articles. The series also serves as a forum for topics that may not have reached a level
of maturity to warrant a comprehensive textbook treatment.
Researchers, as well as developers, are encouraged to contact Professor Sushil Jajodia with
ideas for books under this series.
Additional titles in the series:
SECURE MULTI-PARTY NON-REPUDIATION PROTOCOLS AND APPLICATIONS
by José A. Onieva, Javier Lopez, Jianying Zhou; ISBN: 978-0-387-75629-5
GLOBAL INITIATIVES TO SECURE CYBERSPACE: An Emerging Landscape edited
by Michael Portnoy and Seymour Goodman; ISBN: 978-0-387-09763-3
SECURE KEY ESTABLISHMENTS by Kim-Kwang Raymond Choo; ISBN: 978-0-387-87968-0
SECURITY FOR TELECOMMUNICATIONS NETWORKS by Patrick Traynor, Patrick
McDaniel and Thomas La Porta; ISBN: 978-0-387-72441-6
INSIDER ATTACK AND CYBER SECURITY: Beyond the Hacker edited by Salvatore
Stolfo, Steven M. Bellovin, Angelos D. Keromytis, Sara Sinclaire, Sean W. Smith; ISBN:
978-0-387-77321-6
INTRUSION DETECTION SYSTEMS edited by Robert Di Pietro and Luigi V. Mancini;
ISBN: 978-0-387-77265-3
VULNERABILITY ANALYSIS AND DEFENSE FOR THE INTERNET edited by
Abhishek Singh; ISBN: 978-0-387-74389-9
BOTNET DETECTION: Countering the Largest Security Threat edited by Wenke Lee,
Cliff Wang and David Dagon; ISBN: 978-0-387-68766-7
PRIVACY-RESPECTING INTRUSION DETECTION by Ulrich Flegel; ISBN: 978-0-387-68254-9
SYNCHRONIZING INTERNET PROTOCOL SECURITY (SIPSec) by Charles A.
Shoniregun; ISBN: 978-0-387-32724-2
SECURE DATA MANAGEMENT IN DECENTRALIZED SYSTEMS edited by Ting Yu
and Sushil Jajodia; ISBN: 978-0-387-27694-6
For other titles published in this series, go to
www.springer.com/series/5576
Identifying Malicious Code Through Reverse Engineering
edited by
Abhishek Singh
Microsoft Corporation
Redmond, WA, USA
with contributions by
Baibhav Singh
Honeywell Technology Solutions Laboratory
Bangalore, India
Editor:
Abhishek Singh
Microsoft Corporation
One Microsoft Way
Advanta-B/3099
Redmond, WA 98052–6399, USA
abhisheksingh243@gmail.com
with contributions by:
Baibhav Singh
Honeywell Technology Solutions Laboratory
151/1, Doraisanipalya, Bannerghatta Road
Bangalore – 560 076, India
ISBN: 978-0-387-09824-1
e-ISBN: 978-0-387-89468-3
Library of Congress Control Number: 2008942
© Springer Science+Business Media, LLC 2009
Printed on acid-free paper
springer.com
All rights reserved. This work may not be translated or copied in whole or in part without the written
permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY
10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection
with any form of information storage and retrieval, electronic adaptation, computer software, or by similar
or dissimilar methodology now known or hereafter developed is forbidden.
The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are
not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject
to proprietary rights.
DOI: 10.1007/978-0-387-89468-3
254