4 Static Analysis
Identifying if a suspect file is malicious typically begins with static analysis. Static analysis does not involve running the code or opening a file (dynamic analysis), or reverse engineering of the code via disassembly or debugging. Static analysis largely involves identifying and querying cryptographic hash values, such as MD5, strings, and metadata. More important, static analysis is part of a larger process that is recursive by nature, such as extracting class files from a hostile APK and then collecting static data on individual artifacts, looking at static analysis of related APKs, and so on as an analyst seeks to establish more context and analytical relationships for evaluative authority in understanding a threat. ...
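To make the hash, string and metadata collection and the recursive extraction step concrete, here is an added example (not the book's own code) that triages a constructed sample APK: it hashes the container, pulls printable strings and zip metadata, and descends into every embedded artifact, including a nested JAR. The manifest, the dex-like blob and the URL inside it are constructed placeholders, not real indicators.

```python
# Static triage of a suspect APK (added example, not from the book): hashes,
# strings and zip metadata for the container and, recursively, for each artifact.
import hashlib
import io
import re
import zipfile

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")  # ASCII runs of 6+ bytes, like `strings`

def hashes(data: bytes) -> dict:
    """Hash values an analyst would query against threat-intel and sandbox sources."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def strings(data: bytes) -> list:
    """Printable strings: URLs, class names and paths surface here without execution."""
    return [m.decode("ascii") for m in PRINTABLE_RUN.findall(data)]

def triage(blob: bytes) -> dict:
    """Static data on one file; if it is a zip container (APK, JAR), descend into each entry."""
    report = {"hashes": hashes(blob), "size": len(blob), "strings": strings(blob)}
    if blob.startswith(b"PK\x03\x04"):  # zip local-file-header magic
        report["artifacts"] = {}
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                entry = triage(zf.read(info))  # recursion: a nested JAR is triaged too
                entry["mtime"] = info.date_time  # zip metadata is static data as well
                report["artifacts"][info.filename] = entry
    return report

# Constructed sample data (not a real malware sample): a dex-like blob and a nested JAR.
SAMPLE_DEX = (b"dex\n035\x00" + b"\x00" * 16
              + b"http://example.invalid/c2\x00Lcom/example/suspect/Loader;\x00")

def build_sample_apk() -> bytes:
    """Builds the constructed APK in memory so the example runs offline."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("com/example/suspect/Payload.class", b"\xca\xfe\xba\xbe" + b"\x00" * 8)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("AndroidManifest.xml", '<manifest package="com.example.suspect"/>')
        apk.writestr("classes.dex", SAMPLE_DEX)
        apk.writestr("assets/update.jar", inner.getvalue())
    return buf.getvalue()
```

Calling `triage(build_sample_apk())` returns a nested report whose `classes.dex` entry carries the placeholder URL and class name among its strings, and whose `assets/update.jar` entry has its own `artifacts` map for the class file inside it.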