DWroidDump: Executable Code Extraction from Android Applications for Malware Analysis
2015; Hindawi Publishing Corporation; Volume: 11; Issue: 9 Linguagem: Inglês
10.1155/2015/379682
ISSN1550-1477
AutoresDongwoo Kim, Jin Kwak, Jae‐Cheol Ryou,
Tópico(s)Digital and Cyber Forensics
ResumoWe suggest an idea to dump executable code from memory for malicious application analysis on Android platform. Malicious applications are getting enhanced in terms of antianalysis techniques. Recently, sophisticated malicious applications have been found, which are not decompiled and debugged by existing analysis tools. It becomes serious threat to services related to embedded devices based on Android. Thus, we have implemented the idea to obtain main code from the memory by modifying a part of Dalvik Virtual Machine of Android. As a result, we have confirmed that the executable code is completely obtainable. In this paper, we introduce the existing analysis techniques for Android application, and antianalysis techniques. We then describe the proposed method with a sample malicious application which has strong antianalysis techniques.
Referência(s)