VB2018 paper and video: Android app deobfuscation using static-dynamic cooperation

The two most common methods for analysing potentially malicious files each have their shortcomings. Dynamic analysis only looks at what actually happens when the code is run and can thus be frustrated by anti-analysis techniques. Static analysis doesn’t have this shortcoming, but is hindered by obfuscation used in the file.

In a paper presented at VB2018 in Montreal, Check Point researchers Yoni Moses and Yaniv Mordekhay proposed a method that combines static and dynamic analysis to defeat obfuscation in Android apps. They tested it successfully on hundreds of both malicious and benign Android apps and concluded that, to research modern threats, a more holistic approach like this is needed.

Today we have published Yoni and Yaniv’s paper in both HTML and PDF format. We have also uploaded the video of their presentation to our YouTube channel.

Android app deobfuscation using static-dynamic cooperation


Read the paper (HTML)


Download the paper (PDF)




Those interested in Android malware in general and anti-analysis methods in particular would do well to read the paper by Google researcher Maddie Stone, presented at the same conference.
