Android Malware and Analysis
generated through such an analysis over his lunch hour. Upon returning
from lunch, he finds that the primary package name of interest in
the APK is com.sileria.alsalah. Permissions are extensive as seen in
former open source intelligence for the sample of interest. The analyst
is wondering if this is a poorly coded app that requires a lot more
permissions than what a simple prayer reminder app should require or
if it is a Trojaned app. He discovers that there is a service associated
with the app, com.awake.alArabiyyah, and that it looks like it may
hook boot to run upon startup of the device. Some sandbox results
suggest it may have a SQLite database component and may download
files to the SD card. The analyst is ...
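The triage questions raised above (permissions beyond what the app's purpose needs, a component outside the primary package namespace, a boot hook) can be checked against a decoded AndroidManifest.xml. The following is an added example, not code from the book or from the sample: the manifest is constructed for illustration, only the package and service names come from the text, and the permission baseline and the `com.awake.BootHook` receiver name are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BOOT = "android.intent.action.BOOT_COMPLETED"
# Assumed baseline for a prayer reminder app; adjust per app category.
EXPECTED = {"android.permission.INTERNET", "android.permission.VIBRATE",
            "android.permission.WAKE_LOCK",
            "android.permission.ACCESS_COARSE_LOCATION"}

# Constructed manifest (not the real sample's). Only the package and service
# names come from the text; permissions and the receiver are illustrative.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.sileria.alsalah">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application>
    <activity android:name=".Main"/>
    <service android:name="com.awake.alArabiyyah"/>
    <receiver android:name="com.awake.BootHook">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def qualify(pkg, name):
    """Resolve a component name the way Android does (relative to package)."""
    if name.startswith("."):
        return pkg + name
    return name if "." in name else pkg + "." + name

def triage(manifest_xml, expected=EXPECTED):
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    foreign, boot = [], []
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in root.iter(tag):
            full = qualify(pkg, comp.get(ANDROID + "name", ""))
            if not full.startswith(pkg + "."):   # component outside the app's namespace
                foreign.append((tag, full))
            if BOOT in {a.get(ANDROID + "name") for a in comp.iter("action")}:
                boot.append(full)                # started when the device boots
    return {"package": pkg, "unexpected_permissions": sorted(perms - expected),
            "foreign_components": foreign, "boot_receivers": boot}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

None of these findings proves a Trojaned app on its own; they tell the analyst which components to read first in the decompiled code.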