

An APK (Android Package Kit) file attached to a spam email is unusual and quite a shift from the usual stuff we see, which centers largely on malicious executables that run on desktops. Here we have an Android application that runs on a mobile device. Our curiosity suitably aroused, we decided to dive in and analyze it.

Initial Analysis

First things first, we checked whether the file had already been detected by anti-virus engines, and sure enough it had: mostly generic detections, but nonetheless detected by 25 out of 59 products. Having little experience in reverse engineering Android applications, we thought it would be fun to dissect this app and hopefully learn new things along the way. To kickstart, we did a little bit of research on how to reverse engineer an Android app and found a few useful articles (here, here, here and here). We started by decompressing and decoding the APK file using Apktool.

We noticed right away how heavily obfuscated the code is. The target SDK version of the app is Android Marshmallow and later, as shown in Figure 3; this is indicated by the platformBuildVersionCode field. Figure 4 shows the huge list of Android permissions that this application requires.

Figure 4.
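As an added example (not code from the original post), a small Python triage script that reads an AndroidManifest.xml in the form Apktool decodes it, pulls out platformBuildVersionCode and the uses-permission list, and flags a handful of permissions worth a closer look. The manifest embedded below is constructed, not the spam APK's; the flagged-permission set and the API-level name table are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# API level -> release name (assumed table, only the levels relevant here; 23 is Marshmallow)
API_NAMES = {21: "Lollipop", 22: "Lollipop", 23: "Marshmallow",
             24: "Nougat", 25: "Nougat", 26: "Oreo"}

# Permissions an analyst would want highlighted when triaging an unsolicited APK (assumed set)
SENSITIVE = {
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.READ_CONTACTS",
    "android.permission.SYSTEM_ALERT_WINDOW", "android.permission.RECEIVE_BOOT_COMPLETED",
}

# Constructed sample in the shape Apktool writes AndroidManifest.xml (not the real app's manifest)
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample" platformBuildVersionCode="23" platformBuildVersionName="6.0-2438415">
    <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="23"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="app"/>
</manifest>"""


def triage_manifest(xml_text):
    """Return (API level, release name, sorted permissions, flagged permissions)."""
    root = ET.fromstring(xml_text)
    # platformBuildVersionCode is a plain (un-namespaced) attribute on <manifest>;
    # if it is absent, fall back to android:targetSdkVersion on <uses-sdk>
    code = root.get("platformBuildVersionCode")
    if code is None:
        sdk = root.find("uses-sdk")
        code = sdk.get(f"{{{ANDROID_NS}}}targetSdkVersion") if sdk is not None else None
    api = int(code) if code is not None else None
    names = (p.get(f"{{{ANDROID_NS}}}name") for p in root.iter("uses-permission"))
    perms = sorted(n for n in names if n)
    flagged = [p for p in perms if p in SENSITIVE]
    return api, API_NAMES.get(api, "unknown"), perms, flagged


if __name__ == "__main__":
    api, name, perms, flagged = triage_manifest(SAMPLE_MANIFEST)
    print(f"platformBuildVersionCode={api} ({name}); {len(perms)} permissions, {len(flagged)} flagged")
    for p in flagged:
        print("  FLAG", p)
```

Point it at the AndroidManifest.xml that Apktool writes into its output directory to get the same summary for a real sample.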
