faber03/AndroidMalwareEvaluatingTools: In order to accomplish a deep antimalwares’ detection algorithms analysis, we developed two different tools, both coded in Java.
The first tool, named Alan, through a simple UI, provides the application of eight different smali code transformations
(detailed informations about these transformations can be found into the paper attached with the project).
This tool contains other two free tools (signapk, apktool) used to decompile and recompile an android
application, providing almost original resources of the application.
The tool works on smali code, a human readable dalvik bytecode.
The aim of these transformations is hiding a malicious behaviour of an application from static malware scanning techniques. A transformed application can be submitted on the website VirusTotal where it can be analyzed by 57 well-known (free and paid) anti-malwares.
In order to work on a large malaware data-set, we developed a second tool, composed basically of code enabling an automatic upload of the android applications on virus-total, using his specific java API, storing result analysis on a relational database (we provide the schema in the project).
This tool provides a simple UI to select among several queries, presenting results on html files
Everything is well-documented and ready to be improved for future works.
If you are interested in the results of the study we’ve carried out analyzing how 57 antimalwares
from VirusTotal perform against 5600 malwares, before and after the application of
obfuscating transformations, you can contact us.