Artigo Acesso aberto Revisado por pares

DWroidDump: Executable Code Extraction from Android Applications for Malware Analysis

2015; Hindawi Publishing Corporation; Volume: 11; Issue: 9 Linguagem: Inglês

10.1155/2015/379682

ISSN

1550-1477

Autores

Dongwoo Kim, Jin Kwak, Jae‐Cheol Ryou,

Tópico(s)

Digital and Cyber Forensics

Resumo

We suggest an idea to dump executable code from memory for malicious application analysis on Android platform. Malicious applications are getting enhanced in terms of antianalysis techniques. Recently, sophisticated malicious applications have been found, which are not decompiled and debugged by existing analysis tools. It becomes serious threat to services related to embedded devices based on Android. Thus, we have implemented the idea to obtain main code from the memory by modifying a part of Dalvik Virtual Machine of Android. As a result, we have confirmed that the executable code is completely obtainable. In this paper, we introduce the existing analysis techniques for Android application, and antianalysis techniques. We then describe the proposed method with a sample malicious application which has strong antianalysis techniques.

Referência(s)