Disguised executable files in spear-phishing emails: detecting the point of entry in advanced persistent threat