Android analysis vs PC analysis
I am new to the forum and to malware analysis. I was wondering what the differences are in terms of tools and techniques when analysing Android malware compared to PC malware?
Thanks in advance for any help.
Welcome, brother. For now I will post a short answer. Firstly, the analysis tools for Android are different if we compare them with PE (Portable Executable) files. For example, to decompile an *.apk file we must use some decompilers; we know the programming structure of an *.apk is under Java, which is why we use the famous dex2jar app, but we can find classes.dex in the *.apk file just by opening it with 7zip. For PE we have a lot of file types to analyse, like *.exe / *.bin ... everything, and we use a lot of decompilers and disassemblers, like gdb for ELF files too, as well as PE. There is a lot you can search about it; I hope you find what you want to understand.
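The answer above says an *.apk is just an archive with classes.dex inside it. As an added example (my own code, not from the original thread or any of the tools mentioned), the Python below does that step without 7zip: it opens an APK as a zip file, pulls out every classes*.dex (multidex apps carry several), and parses the 112-byte DEX header, re-computing the Adler-32 checksum and SHA-1 signature so a repacked or tampered dex stands out before it goes to dex2jar. The APK and DEX used as input are constructed in the script (a header-only DEX with no real classes), not a real sample.

```python
"""Pull classes.dex out of an APK and sanity-check its DEX header (added example)."""
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_CONSTANT = 0x12345678
# DEX header layout: magic (8), adler32 checksum (u4), sha1 signature (20), then 20 u4 fields.
_HEADER_FMT = "<8sI20s" + "I" * 20
_U4_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)
assert struct.calcsize(_HEADER_FMT) == DEX_HEADER_SIZE


def parse_dex_header(data: bytes) -> dict:
    """Decode the DEX header and verify magic, endian tag, size, checksum and signature."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("too short for a DEX header")
    fields = struct.unpack_from(_HEADER_FMT, data, 0)
    magic, checksum, signature = fields[0], fields[1], fields[2]
    if not (magic.startswith(b"dex\n") and magic.endswith(b"\x00")):
        raise ValueError("bad DEX magic %r" % magic)
    header = dict(zip(_U4_FIELDS, fields[3:]))
    header["version"] = magic[4:7].decode("ascii")
    # checksum covers everything after the checksum field; signature everything after itself
    header["checksum_ok"] = (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum
    header["signature_ok"] = hashlib.sha1(data[32:]).digest() == signature
    header["endian_ok"] = header["endian_tag"] == DEX_ENDIAN_CONSTANT
    header["file_size_ok"] = header["file_size"] == len(data)
    return header


def dex_files_in_apk(apk_bytes: bytes) -> dict:
    """Return {name: bytes} for every classes*.dex at the root of the APK (it is a zip)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {n: z.read(n) for n in z.namelist()
                if n.startswith("classes") and n.endswith(".dex") and "/" not in n}


def build_constructed_dex(class_defs_size: int = 3) -> bytes:
    """Constructed input: a header-only DEX with a valid checksum and signature, no code."""
    body = struct.pack("<" + "I" * 20,
                       DEX_HEADER_SIZE, DEX_HEADER_SIZE, DEX_ENDIAN_CONSTANT,
                       0, 0, 0,            # link_size, link_off, map_off
                       0, 0, 0, 0, 0, 0,   # string/type/proto ids
                       0, 0, 0, 0,         # field/method ids
                       class_defs_size, 0, # class_defs_size / off
                       0, 0)               # data_size / off
    signature = hashlib.sha1(body).digest()
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + body


def tamper_class_defs_size(dex: bytes, new_value: int) -> bytes:
    """Patch class_defs_size (offset 0x60) without fixing checksum/signature, like a sloppy repack."""
    return dex[:0x60] + struct.pack("<I", new_value) + dex[0x64:]


def build_constructed_apk(dex: bytes) -> bytes:
    """Constructed input: a minimal APK zip carrying two dex files plus a placeholder manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<constructed placeholder, not a real manifest>")
        z.writestr("classes.dex", dex)
        z.writestr("classes2.dex", tamper_class_defs_size(dex, 99))
        z.writestr("assets/classes.dex", dex)  # not at the root, so not a loaded dex
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_constructed_apk(build_constructed_dex())
    for name, blob in sorted(dex_files_in_apk(apk).items()):
        h = parse_dex_header(blob)
        flags = {k: h[k] for k in ("checksum_ok", "signature_ok", "endian_ok", "file_size_ok")}
        print(name, "version", h["version"], "classes", h["class_defs_size"], flags)
```

A checksum or signature mismatch is not proof of malice, but it is the first thing to note before handing the file to a decompiler: packers and repacking tools often leave the header inconsistent, and dex2jar or jadx will still happily open such a file. The `assets/classes.dex` entry is included to show why the search is restricted to the archive root; a dex stashed under assets/ is only loaded if the app's own code does so at runtime.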
These two books will show you in great detail the differences. Welcome to Malware Analysis Forums!!! Enjoy your stay and don’t be shy!
Thank you very much for the replies and I will take a look at the reading you suggested.
I was however wondering if you could suggest a short list of differences just to get me started before I begin my reading.
Thanks in advance
Yes, there are significant differences. Android phones do not use the x86-64 processor architecture, which means the assembly language will be different. They also do not use the Windows operating system, so the API calls to perform various functions on the phone will be completely different from the API calls that applications must use to perform functions on a Windows PC.
This is significant because when analyzing malware, knowledge of the architecture's instruction set, and especially of the API calls, is very important to understand what a piece of malware is capable of doing.
I’ve not used Android malware analysis tools so someone else will have to comment there. However, you may find some tool-specific answers:
Also, note that the architecture used is ARM, so the IDA Pro disassembler is still your main tool in regards to disassembly. I believe radare2 and Binary Ninja are also good for this.
@fairlo Hey you will like this video a lot, watch the whole video: