android Malware and analysis
that matter, we get the MD5 hash for it. The MD5 hash for this
sample is 283d16309a5a35a13f8fa4c5e1ae01b1.
Now that we have the hash for the sample we can check the Internet
for any previous reporting on the sample and correlate our findings
with the findings of others. You can return to searching throughout
your analysis as indicators make themselves known, possibly revealing
the nature of the sample you are working with as well as revealing
variants of the specific sample. Following are results of a simple hash
search; there are quite a few hits on this (see Image 9.1).
Now that we have some reporting to work with we can check to
see if any antivirus signatures exist for the sample. We can do this by
accessing a site like virustotal.com, which accepts APK files for
submittal, and either perform a hash search or submit it. Following are
the results from VirusTotal.
File name        USB_Cleaver1.3r1.apk
Detection ratio  27/47
Avast            Android:UsbCleaver-A [PUP]
Emsisoft         Android.Hacktool.UsbCleaver.A (B)
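
The hash-then-lookup step described above, as an added example that is not from the original text: it hashes a sample in chunks and reduces a VirusTotal API v3 file report to a detection ratio and per-engine labels. The sample bytes and the report are constructed stand-ins, the v3 report layout is an assumption about how the lookup is done, and EngineC and EngineD are hypothetical engine names.

```python
import hashlib
import io


def hash_sample(stream, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests, reading the sample in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        md5.update(block)
        sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


VERDICTS = {"malicious", "suspicious", "undetected", "harmless"}
FLAGGED = {"malicious", "suspicious"}


def summarize_report(report):
    """Reduce a VirusTotal v3 file report to (flagged, scanned, labels)."""
    results = report["data"]["attributes"]["last_analysis_results"]
    # Assumption: engines that timed out or do not support the file type
    # returned no verdict, so they are left out of the denominator.
    scanned = {e: r for e, r in results.items() if r["category"] in VERDICTS}
    labels = {e: r["result"] for e, r in scanned.items()
              if r["category"] in FLAGGED}
    return len(labels), len(scanned), labels


# Constructed stand-in for the APK bytes (not the real sample).
SAMPLE_BYTES = b"abc"

# Constructed report in the shape of GET /api/v3/files/{hash}. The two labels
# are the ones quoted on this page; EngineC and EngineD are hypothetical.
REPORT = {"data": {"attributes": {"last_analysis_results": {
    "Avast": {"category": "malicious", "result": "Android:UsbCleaver-A [PUP]"},
    "Emsisoft": {"category": "malicious",
                 "result": "Android.Hacktool.UsbCleaver.A (B)"},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "type-unsupported", "result": None},
}}}}

if __name__ == "__main__":
    md5, sha256 = hash_sample(io.BytesIO(SAMPLE_BYTES), chunk_size=2)
    print("MD5:", md5, "SHA-256:", sha256)
    flagged, scanned, labels = summarize_report(REPORT)
    print(f"Detection ratio {flagged}/{scanned}")
    for engine, label in sorted(labels.items()):
        print(f"{engine}\t{label}")
```

Recording the SHA-256 alongside the MD5 gives a second identifier to search on when correlating reports.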