Last year we included sandbox execution reports for Portable Executable files thanks to the amazing tool developed by Claudio “nex” Guarnieri and his team, Cuckoo. We are excited to announce that as of today we are also displaying behavioural reports for Android applications (APKs).
Indeed, when informing you about Anthony's return from the Android jungle we promised there would be some further new and exciting features to come. While traversing a cascade of APK, ODEX, DEX, AXML and ARSC species he discovered that sometimes Androguard was not enough to distinguish the good from the evil, he needed something more, he needed to record how these species behaved in order to have a clearer picture in mind of their malicious or harmless intentions.
Attending to these needs he developed an in-house Android Sandbox where these fancy creatures could play around, spit their SMS, excreate their files, sing melodic HTTP conversations and perform animal matters.
These are some examples of the reports produced (Behaviour information tab):
Please note that these reports will appear in an asynchronous fashion, they may not be generated until a couple of minutes after your file scan ends.
Those users with private API or allinfo privileges will see this information in the API responses. As to VirusTotal Intelligence, we will soon be indexing this data and the new Androguard outputs in order to enhance our search functionality, stay tuned, pay attention to the pertinent documentation.