how to generate dynamic analysis of android malware using Androguard


Lifan Xu

Aug 11, 2014, 12:50:19 PM
to andro...@googlegroups.com
Hi all, I am doing some Android malware analysis research. I found a website which can return me a report containing the dynamic analysis of the malware:


Here is the report example of one malware sample:


However, it has some queue limitations which prevent me from analyzing hundreds of malware samples.

On the website, it says that it uses Androguard to generate the reports. So I downloaded Androguard and tried this:

.>python androlyze.py -i ./2014/VirusShare_0a8c190e308d65c6b2b4d29f3a1eb764

But this one does not return the information I want which is something like this:
Timestamp  Operation  Path
24.245     read       /data/data/com.android.music/shared_prefs/Music.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="queue"></string> <int name="curpos" value="-1" /> <int name="cardid" value="-1" /> <int name="shufflemode" value="0" /> <int name="repeatmode" value="0" /> </map>
94.777     write      /data/data/biz.nmnonln.rnsoknlnlnl/files/sys.db
116.785    read       /data/data/com.android.mms/shared_prefs/_has_set_default_values.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <boolean name="_has_set_default_values" value="true" /> </map>
116.785    read       /data/data/com.android.mms/shared_prefs/com.android.mms_preferences.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="pref_key_ringtone">content://settings/system/notification_sound</string> <boolean name="pref_key_auto_delete" value="true" /> <boolean name="checked_message_limits" value="true" /> <boolean name="pref_key_mms_auto_retrieval" value="true" /> <string name="pref_key_vibrateWhen">never</string> <boolean name="pref_key_enable_notifications" value="true" /> </map>


So can anyone tell me how to use Androguard to generate the dynamic analysis report? Thanks!
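
For batch work over many saved reports, the file-operation rows in the excerpt above (timestamp, operation, path) can be reduced to a per-sample summary. This Python code is an added example, not part of the original post and not Androguard or DroidBox code; the function names, the constructed last row, and the choice of which package counts as the sample are assumptions.

```python
import re
from collections import defaultdict

# Row layout taken from the quoted report: timestamp, operation, path.
# Matches "24.245 read /path" and the run-together "24.245read/path|" form.
# Assumption: paths contain no spaces; lines that do not match are payload.
ROW = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*(read|write)\s*(/\S*?)\|?\s*$")
APP_DIR = re.compile(r"^/data/data/([^/]+)/")

def parse_rows(lines):
    """Return (timestamp, operation, path) tuples, skipping payload lines."""
    rows = []
    for line in lines:
        m = ROW.match(line)
        if m:
            rows.append((float(m.group(1)), m.group(2), m.group(3)))
    return rows

def summarize(rows, sample_package):
    """Split operations into the sample's own directory, other apps, and the rest."""
    out = {"own": [], "other_apps": defaultdict(set), "elsewhere": []}
    for ts, op, path in rows:
        m = APP_DIR.match(path)
        if m is None:
            out["elsewhere"].append((ts, op, path))
        elif m.group(1) == sample_package:
            out["own"].append((ts, op, path))
        else:
            out["other_apps"][m.group(1)].add(op)
    return out

# Rows taken from the report above (payload shortened), plus one constructed row (the last).
SAMPLE_LINES = [
    "24.245read/data/data/com.android.music/shared_prefs/Music.xml|",
    "<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> </map>",
    "94.777write/data/data/biz.nmnonln.rnsoknlnlnl/files/sys.db|",
    "116.785read/data/data/com.android.mms/shared_prefs/_has_set_default_values.xml|",
    "130.002 write /mnt/sdcard/constructed.tmp",
]

if __name__ == "__main__":
    # Assumption: the package under analysis is the one that owns sys.db.
    report = summarize(parse_rows(SAMPLE_LINES), "biz.nmnonln.rnsoknlnlnl")
    for ts, op, path in report["own"]:
        print(f"{ts:9.3f} {op:5s} {path}")
    for pkg, ops in sorted(report["other_apps"].items()):
        print(f"other app data touched: {pkg} ({', '.join(sorted(ops))})")
```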

Bincker China

Nov 27, 2014, 4:24:24 AM
to andro...@googlegroups.com
Hi
androlyze.py is an IPython shell environment, so you can use androlyze.py -s to interact with the shell.

And the Anubis report is not only an Androguard (including androlyze, static analysis) report but also a DroidBox (dynamic analysis) report.

On Tuesday, August 12, 2014 at 12:50:19 AM UTC+8, Lifan Xu wrote: