Virus Bulletin :: VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis native library
Tags
cmtmf-attack-pattern: | Native Code |
country: | Russia |
attack-pattern: | Data | Botnet - T1583.005 | Botnet - T1584.005 | Hardware - T1592.001 | Hooking - T1617 | Malware - T1587.001 | Malware - T1588.001 | Python - T1059.006 | Hooking - T1179 | Hooking |
Common Information
Type | Value |
---|---|
UUID | b97349e7-dc5e-4aab-b683-c1b0f063d524 |
Fingerprint | 2e99d9aa6f95a218 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Aug. 3, 2754, midnight |
Added to db | Sept. 26, 2022, 9:30 a.m. |
Last updated | Dec. 10, 2024, 9:22 p.m. |
Headline | VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis native library |
Title | Virus Bulletin :: VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis native library |
Detected Hints/Tags/Attributes | 55/3/37 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 3 | | libdxarq.so |
Details | Domain | 3 | | librxovdx.so |
Details | Domain | 3 | | libaojjp.so |
Details | Domain | 154 | | libc.so |
Details | Domain | 2 | | ro.kernel.android |
Details | Domain | 34 | | ro.build |
Details | Domain | 3 | | ro.hardware.audio |
Details | Domain | 193 | | com.android |
Details | Domain | 10 | | android-developers.googleblog.com |
Details | Domain | 53 | | developer.android.com |
Details | Domain | 29 | | docs.oracle.com |
Details | Domain | 63 | | stackoverflow.com |
Details | Domain | 15 | | forum.xda-developers.com |
Details | Domain | 25 | | man7.org |
Details | Domain | 4 | | android-review.googlesource.com |
Details | Domain | 18 | | www.github.com |
Details | File | 3 | | svc.vb |
Details | File | 1 | | 'xposedbridge.jar |
Details | File | 2 | | detecting-and-eliminating-chamois-fraud.html |
Details | File | 3 | | design.html |
Details | File | 8 | | 3.html |
Details | File | 3 | | functions.html |
Details | File | 3 | | weddingcake_decrypt.py |
Details | Github username | 2 | | maddiestone |
Details | sha256 | 3 | | e8e1bc048ef123a9757a9b27d1bf53c092352a26bdbf9fbdc10109415b5cadac |
Details | sha256 | 2 | | 92e80872cfd49f33c63993d52290afd2e87cbef5db4adff1bfa97297340f23e0 |
Details | Url | 1 | | https://android-developers.googleblog.com/2017/03/detecting-and-eliminating-chamois-fraud.html |
Details | Url | 2 | | https://developer.android.com/ndk/guides/. |
Details | Url | 1 | | https://developer.android.com/training/articles/perf-jni. |
Details | Url | 2 | | https://docs.oracle.com/javase/6/docs/technotes/guides/jni/spec/design.html#wp615 |
Details | Url | 1 | | https://stackoverflow.com/questions/1010645/what-does-the-registernatives-method-do. |
Details | Url | 2 | | https://developer.android.com/studio/test/monkey. |
Details | Url | 2 | | https://forum.xda-developers.com/xposed. |
Details | Url | 2 | | http://man7.org/linux/man-pages/man3/exit.3.html |
Details | Url | 1 | | https://android-review.googlesource.com/c/platform/system/core |
Details | Url | 1 | | https://docs.oracle.com/javase/8/docs/technotes/guides/jni/spec/functions.html#findclass |
Details | Url | 1 | | http://www.github.com/maddiestone/idapythonembeddedtoolkit/android/weddingcake_decrypt.py |