Hello guys, today we'll do a basic .apk analysis with "VirusTotal".
NOTE: The sample we'll analyze is an unprotected server, so it isn't encrypted in any way.
Here we go:
First, say you saw an application and wanted to download it. The application is, for example, cheated game.apk, and you tried to download it. Before installation it will ask you for these permissions.
If you think about it, you'll be suspicious before installing.
Now let's see how to analyze it together...
First, let's upload the .apk to VirusTotal:
As you can see, it was instantly flagged with 23 detections, and when we examine them we can easily see that it is an "Android-Backdoor" virus.
Now let's head to the "DETAILS" part:
As you can see, here it shows us silly mail addresses and names.
We continue in the "DETAILS" part:
Now we're at the most important part. Here it warns us: be careful, this .apk application will have access to these things, and these are dangerous properties.
The dangerous properties here are the ones we marked with a red line.
For example (we downloaded a cheated .apk, as you remember):
Now what does a game cheat have to do with reading SMS, accessing the camera, sending SMS, or calling someone remotely?
Now we have solved the case: it means that this .apk file was created with a RAT program.
Guys, this is a very simple VT analysis. To go into even more detail, you can open this apk's code and see what is what more thoroughly.
Example program:
- Jadx (with this program you can access the code and do a more detailed analysis)
But this is unnecessary, because after reasoning it through you can easily understand whether it's a virus or not.
By the way, just like any RAT, these apk files have a host address, IP address and port number as well. (So by looking at the string values of this .apk you can easily see the host address.)
I'm going to do you a favour: if you are going to look at the string values, search for the "dns" value and the host address will show up.
Even though it's a very simple thing, I wanted to show you briefly what is what. Thanks to all of you, enjoy the forums.
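The permission reasoning from the post (a game cheat asking for SMS, camera and call access), written as a small check. This is an added example, not part of the original post. It assumes the manifest has already been decoded to text XML (for instance, exported from Jadx); the `EXPECTED` table, the three extra high-risk permissions and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# The four capabilities the post flags, plus three more runtime-guarded
# permissions added here for illustration.
HIGH_RISK = {
    P + "READ_SMS": "read SMS",
    P + "SEND_SMS": "send SMS",
    P + "CAMERA": "access camera",
    P + "CALL_PHONE": "place calls",
    P + "RECORD_AUDIO": "record audio",
    P + "READ_CONTACTS": "read contacts",
    P + "ACCESS_FINE_LOCATION": "track location",
}

# Assumption: what an app of a given kind plausibly needs. Adjust per case.
EXPECTED = {"game": {P + "INTERNET", P + "ACCESS_NETWORK_STATE",
                     P + "VIBRATE", P + "WAKE_LOCK"}}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID + "name") for el in root.iter() if el.tag in tags)
    return sorted({n for n in names if n})

def triage(manifest_xml, claimed_kind):
    """List high-risk permissions that the claimed app type does not explain."""
    expected = EXPECTED.get(claimed_kind, set())
    return [(p, HIGH_RISK[p]) for p in requested_permissions(manifest_xml)
            if p in HIGH_RISK and p not in expected]

# Constructed sample: manifest of a hypothetical "game cheat" APK.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.gamecheat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>
"""

if __name__ == "__main__":
    for perm, capability in triage(SAMPLE_MANIFEST, "game"):
        print(f"unexplained for a game: {perm} ({capability})")
```

An empty result does not mean the file is clean; it only means the permission list matches what the app claims to be.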