VIII
Contents
Advanced Internet Queries 53
Private Groups and Rampart Research Inc. 53
Android Malware Genome Project 54
File Data 54
Cryptographic Hash Types and Queries 55
Other Metadata 56
Antivirus Scans and Aliases 57
Unzipping an APK 57
Common Elements of an Unpacked APK File 57
Certificate Information 58
Permissions 59
Strings 60
Other Content of Interest within an APK 61
Creating a JAR File 62
VisualThreat Modeling 62
Automation 62
(Fictional) Case Study 63
Chapter 5 Android Malware Evolution 71
Chapter 6 Android Malware Trends and Reversing Tactics 77
Chapter 7 Behavioral Analysis 91
Introduction to AVD and Eclipse 91
Downloading and Installing the ADT Bundle 92
The Software Development Kit Manager 93
Choosing an Android Platform 94
Processor Emulation 95
Choosing a Processor 95
Using HAXM 95
Configuring Emulated Devices within AVD 96
Location of Emulator Files 99
Default Image Files 100
Runtime Images: User Data and SD Card 100
Temporary Images 100
Setting Up an Emulator for Testing 101
Controlling Malicious Samples in an Emulated Environment 102
Additional Networking in Emulators 102
Using the ADB Tool 103
Using the Emulator Console 103
Applications for Analysis 104
Capabilities and Limitations of the Emulators 105
Preserving Data and Settings on Emulators 105
Setting Up a Physical Device for Testing 106
Limitations and Capabilities of Physical Devices 108
Network Architecture for Sniffing in a Physical Environment 109
Applications for Analysis 110