Malware Executables Analysis Using Static Analysis Technique for Android Devices

Abstract

Malware is a worldwide epidemic. Recently, the threat of Android malware is spreading rapidly, especially due to third-party Android application developers. The growing amount and variety of these applications cannot take conventional defences, if taken, but they are largely ineffective, and thus, Android smartphones often remain unprotected from malwares. So, a huge need for static malware analysis is felt to overcome these problems and to look into these malware executables deeply. In this study, a static analysis technique using SandDroid Sandbox to detect the Android malware has been proposed. Sandboxes are used to run untested code that contain viruses or untrusted programs from third parties. This analysis technique considers the static information including permissions, certification, code features, advertisement modules and sensitive API calls which can characterize the behaviour of Android applications. SandDroid extracts the information (e.g., requested permissions, certificates and code features etc.) from each application's manifest file, and respective components (Events, Services, Broadcast Receivers) as entry points moving towards sensitive API Calls related to dangerous permissions. SandDroid is efficient since it takes only half of time than other sandboxes to analyse Android applications for malicious patterns and gives better insight.