Android Malware and Analysis
information found at the bottom of the file such as the snippet of
output seen here for an Android malware sample:
...omitted...
Catch list 1:
CatchAllAddr: 0xDA
StaticOffs: 00000000
FA7D6731 com.security.service.receiver.SmsReceiver
Detected: trojan://AndroidOS/Zitmo (New variant)
DexID can be run on a common Ubuntu-type operating system by
calling it from Perl. Use the “-v” option to perform an extensive
dump of classes.dex, or just “-t” to identify any known malware
listed in the signature file.
perl -f dexid.bat -t "/home/username/Desktop/bad.apk" > dexid.txt
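An added example, not from the book or the DexID project: a shell function that pulls the detections out of a saved report such as dexid.txt, so a batch of reports can be triaged quickly. The function names dexid_detections and dexid_sample_report are hypothetical, and the report layout is assumed to match the snippet shown above (an eight-hex-digit value and a class name on the line before "Detected:").

```shell
#!/bin/sh
# Added example: summarise detections in a saved DexID "-t" report.
# Assumption: a "Detected:" line follows a "<8 hex digits> <class>" line,
# as in the snippet on this page; all other report lines are ignored.

dexid_detections() {
    # $1 = path to a saved report (e.g. dexid.txt)
    # Prints: signature <TAB> hash <TAB> class, one line per detection.
    # Returns 0 if at least one detection was found, 1 otherwise.
    awk '
        # Remember the most recent "hash class" pair.
        NF == 2 && length($1) == 8 && $1 ~ /^[0-9A-Fa-f]+$/ {
            hash = $1; class = $2; sub(/\r$/, "", class); next
        }
        /^Detected:/ {
            sig = $0
            sub(/^Detected:[ \t]*/, "", sig)
            sub(/[ \t\r]+$/, "", sig)
            # "-" marks a detection with no preceding hash/class line.
            printf "%s\t%s\t%s\n", sig, (hash != "" ? hash : "-"), (class != "" ? class : "-")
            found = 1; hash = ""; class = ""
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

dexid_sample_report() {
    # Constructed sample input: the output snippet reproduced from this page.
    cat <<'EOF'
...omitted...
Catch list 1:
CatchAllAddr: 0xDA
StaticOffs: 00000000
FA7D6731 com.security.service.receiver.SmsReceiver
Detected: trojan://AndroidOS/Zitmo (New variant)
EOF
}

# When run with a report path, print its detections.
if [ "$#" -gt 0 ]; then
    dexid_detections "$1"
fi
```

The non-zero return for a report with no "Detected:" line lets a loop over many reports separate flagged samples from clean ones.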
DARE
http://siis.cse.psu.edu/dare/downloads.html. Use DARE to create
class files from DEX and APK files, to then analyze using Java tools
such as J ...