Wednesday, 27 February 2013

Pimping up the characterization of Android files

Our resident Android expert, Anthony Desnos, is back from the Android jungle once again. On this latest trip he encountered and documented many new wild specimens, fought a couple of battles against nasty creatures such as Smsilence, and worked hard to polish his main weapon for confronting and recognizing evil: Androguard.

VirusTotal's private Androguard version has been noticeably improved, and the information it dumps is far more extensive than it used to be, including a risk summary, permissions, permission-related API calls, activities, services, receivers, application certificate information and a very long etcetera. This new information appears under a new tab named "file details", as you can see in the following screenshot.


This is just the very beginning of a series of new features that will hopefully improve your understanding of Android-related files: not only APKs but also the DEX, ODEX and AXML formats. Stay tuned! Meanwhile, you can take a look at a couple of reports with the new details:

https://www.virustotal.com/en/file/18c0da675416bd9ba06f30ad9f5a608e1ab011e71d79ee60b22d55f98f189356/analysis/

https://www.virustotal.com/en/file/d6f789450613fc8073c67d6c4374963fbf1ca675d8b3fc6221213af4a93de94c/analysis/

https://www.virustotal.com/en/file/b867e8afc9d1a25014496371bdfba2ab4ab133ff83cc1fbfcec83c11817f4d73/analysis/

As usual, suggestions and feature requests are more than welcome!
