ioc[.]one - OSINT Cyber Threat Intelligence Database

Virus Bulletin :: VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis native library

Tags

cmtmf-attack-pattern:	Native Code
country:	Russia
attack-pattern:	Data Botnet - T1583.005 Botnet - T1584.005 Hardware - T1592.001 Hooking - T1617 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Hooking - T1179 Hooking

Show in Graph

Common Information

Type	Value
UUID	b97349e7-dc5e-4aab-b683-c1b0f063d524
Fingerprint	2e99d9aa6f95a218
Analysis status	DONE
Considered CTI value	0
Text language
Published	Aug. 3, 2754, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:45 p.m.
Headline	VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis native library
Title	Virus Bulletin :: VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis native library
Detected Hints/Tags/Attributes	55/3/37

Source URLs

	Redirection	Url
Details	Source	https://www.virusbulletin.com/virusbulletin/2019/01/vb2018-paper-unpacking-packed-unpacker-reversing-android-anti-analysis-native-library/

URL Provider

Details	Provider	Source level domain
Details	virusbulletin.com	www.virusbulletin.com

Attributes

Details	Type	#Events	Value
Details	Domain	3	libdxarq.so
Details	Domain	3	librxovdx.so
Details	Domain	3	libaojjp.so
Details	Domain	145	libc.so
Details	Domain	2	ro.kernel.android
Details	Domain	34	ro.build
Details	Domain	3	ro.hardware.audio
Details	Domain	188	com.android
Details	Domain	10	android-developers.googleblog.com
Details	Domain	53	developer.android.com
Details	Domain	28	docs.oracle.com
Details	Domain	62	stackoverflow.com
Details	Domain	15	forum.xda-developers.com
Details	Domain	24	man7.org
Details	Domain	4	android-review.googlesource.com
Details	Domain	18	www.github.com
Details	File	3	svc.vb
Details	File	1	'xposedbridge.jar
Details	File	2	detecting-and-eliminating-chamois-fraud.html
Details	File	3	design.html
Details	File	8	3.html
Details	File	3	functions.html
Details	File	3	weddingcake_decrypt.py
Details	Github username	2	maddiestone
Details	sha256	3	e8e1bc048ef123a9757a9b27d1bf53c092352a26bdbf9fbdc10109415b5cadac
Details	sha256	2	92e80872cfd49f33c63993d52290afd2e87cbef5db4adff1bfa97297340f23e0
Details	Url	1	https://android-developers.googleblog.com/2017/03/detecting-and-eliminating-chamois-fraud.html
Details	Url	2	https://developer.android.com/ndk/guides/.
Details	Url	1	https://developer.android.com/training/articles/perf-jni.
Details	Url	2	https://docs.oracle.com/javase/6/docs/technotes/guides/jni/spec/design.html#wp615
Details	Url	1	https://stackoverflow.com/questions/1010645/what-does-the-registernatives-method-do.
Details	Url	2	https://developer.android.com/studio/test/monkey.
Details	Url	2	https://forum.xda-developers.com/xposed.
Details	Url	2	http://man7.org/linux/man-pages/man3/exit.3.html
Details	Url	1	https://android-review.googlesource.com/c/platform/system/core
Details	Url	1	https://docs.oracle.com/javase/8/docs/technotes/guides/jni/spec/functions.html#findclass
Details	Url	1	http://www.github.com/maddiestone/idapythonembeddedtoolkit/android/weddingcake_decrypt.py