[Soot-list] Encrypted entry exception

Manuel Benz manuel.benz at uni-paderborn.de
Thu Jul 27 09:49:37 EDT 2017


Hi Loïc.

As Linghui already mentioned, the apk you delivered is encrypted.

After some investigation, I found that the “exception.apk” is actually a zip file. You can extract it with the key “infected” (I found that by brute forcing).
The content of the zip file is an apk called “jin_old_2.1.apk” which seems to be a malicious application from the NickiSpy family<https://www.trustwave.com/Resources/SpiderLabs-Blog/NickiSpy-C---Android-Malware-Analysis--Demo/>. VirusTotal<https://www.virustotal.com/en/file/ccc38fe8e3eed7ba56ea6683e5c919682eb203a37cf4d48cdead452a4ea8f385/analysis/1501062003/> supports this observation.
After extracting the apk, Soot should be able to analyze it.

Best,
Manuel
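
A pre-analysis check for the situation described in the message above, as an added example that is not part of the original post or of Soot: it reads only the ZIP central directory and reports entries whose encryption flag is set, plus any nested .apk, so a password-protected wrapper is recognized before it is handed to an analyzer. The function names and the in-memory sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry data is encrypted


def triage_container(data: bytes) -> dict:
    """Classify bytes received as an '.apk' using only the ZIP central directory."""
    result = {"kind": "not-a-zip", "encrypted": [], "nested_apks": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()  # metadata only; no entry is decompressed
    names = [i.filename for i in infos]
    result["encrypted"] = [i.filename for i in infos if i.flag_bits & ENCRYPTED]
    result["nested_apks"] = [n for n in names if n.lower().endswith(".apk")]
    has_dex = any(n.startswith("classes") and n.endswith(".dex") for n in names)
    if result["encrypted"]:
        result["kind"] = "encrypted-zip"
    elif "AndroidManifest.xml" in names and has_dex:
        result["kind"] = "apk"
    else:
        result["kind"] = "plain-zip"
    return result


def constructed_samples():
    """Build (wrapper, inner) test archives in memory; contents are placeholders."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
        zf.writestr("classes.dex", b"constructed placeholder")
    wrapper = io.BytesIO()
    with zipfile.ZipFile(wrapper, "w") as zf:
        zf.writestr("inner_sample.apk", inner.getvalue())
    raw = bytearray(wrapper.getvalue())
    # zipfile cannot write encrypted entries, so mark the single entry as
    # encrypted by setting flag bit 0 in its local header (flags at offset 6)
    # and central directory record (flags at offset 8). The end-of-central-
    # directory record is the last 22 bytes; the directory offset is at +16.
    cd_offset = struct.unpack_from("<I", raw, len(raw) - 22 + 16)[0]
    raw[6] |= ENCRYPTED
    raw[cd_offset + 8] |= ENCRYPTED
    return bytes(raw), inner.getvalue()


if __name__ == "__main__":
    wrapper, inner = constructed_samples()
    print(triage_container(wrapper))
    print(triage_container(inner))
```

A result of `encrypted-zip` with a nested `.apk` means the inner file has to be extracted first and analyzed on its own.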