Droidefense – Advanced Android Malware Analysis Framework

Droidefense (originally named atom: analysis through observation machine) is the codename for an Android app/malware analysis and reversing tool. It was built with a focus on the security issues and tricks that malware researchers face in their everyday work. For those situations where the malware has anti-analysis routines, Droidefense attempts to bypass them in order to get to the code and the ‘bad boy’ routine. Sometimes those techniques are virtual machine detection, emulator detection, self-certificate checking, pipe detection, tracer PID checks, and so on.
Droidefense uses an innovative idea in which the code is not decompiled but rather viewed directly. This allows us to get a global view of the execution workflow of the code with 100% accuracy on the gathered information. With this, Droidefense generates a fancy HTML report with the results for easy understanding.
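As an added example (not Droidefense's own code), the following Python script triages the string constants pulled from an APK's DEX file for three of the anti-analysis tricks named above: tracer PID checks, emulator detection and self-certificate checking. The indicator patterns, the `threshold` parameter and the sample strings are constructed for illustration.

```python
import re
from collections import defaultdict

# Indicator patterns for three of the anti-analysis tricks named on the page.
# Constructed for illustration; a real rule set would be far larger and would
# also look at the DEX call graph, not only at string constants.
INDICATORS = {
    "emulator_detection": [r"ro\.kernel\.qemu", r"goldfish", r"Build;->FINGERPRINT"],
    "tracer_pid_check": [r"TracerPid", r"/proc/self/status"],
    "self_certificate_check": [r"GET_SIGNATURES", r"->getPackageInfo"],
}
COMPILED = {cat: [re.compile(p) for p in pats] for cat, pats in INDICATORS.items()}


def scan_strings(strings):
    """Map each technique to the string constants that hint at it.

    `strings` is the list of string constants extracted from an APK's DEX file
    (for example with any DEX parser); only categories with hits are returned.
    """
    hits = defaultdict(list)
    for s in strings:
        for cat, patterns in COMPILED.items():
            if any(p.search(s) for p in patterns):
                hits[cat].append(s)
    return dict(hits)


def triage(strings, threshold=2):
    """Return (flag, summary): flag is True when at least `threshold` distinct
    techniques are indicated, the point at which an analyst would want to look
    at the anti-analysis code path before anything else."""
    hits = scan_strings(strings)
    summary = sorted((cat, len(v)) for cat, v in hits.items())
    return len(hits) >= threshold, summary


# Constructed sample: string constants as they might appear in a DEX file.
SAMPLE_STRINGS = [
    "Lcom/example/app/MainActivity;",
    "/proc/self/status",
    "TracerPid",
    "ro.kernel.qemu",
    "goldfish",
    "Landroid/content/pm/PackageManager;->getPackageInfo",
    "GET_SIGNATURES",
    "https://example.invalid/api",
]

if __name__ == "__main__":
    flagged, summary = triage(SAMPLE_STRINGS)
    print("anti-analysis suspected:", flagged)
    for cat, n in summary:
        print(f"  {cat}: {n} indicator(s)")
```

A hit only says the app contains code that could be used for that check; confirming that the check actually gates the malicious path still needs the execution-flow view the tool description talks about.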

  • Compilation: https://github.com/droidefense/engine/wiki/Compilation

  • Check out the report example at:
    • https://github.com/droidefense/engine/wiki/Pornoplayer-report
  • Check out the execution logs at:
    • https://github.com/droidefense/engine/wiki/Execution-logs
  • Download Droidefense: https://github.com/droidefense/engine

    Author: Marshmallow