Malware-Detection-Tools

A list of awesome malware detection tools

Tools

• cuckoo – Paper - Cuckoo Sandbox is an automated dynamic malware analysis system.

• frida – Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

• pmd– Dart – PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.

• IntelOwl – Intel Owl is an Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. It integrates a number of analyzers available online and a lot of cutting-edge malware analysis tools.

• VirusTotal/yara –YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples.

• Yara-Rules – Yara is becoming increasingly used, but knowledge about the tool and its usage is dispersed across many different places. The Yara Rules project aims to be the meeting point for Yara users by gathering together a ruleset as complete as possible thusly providing users a quick way to get Yara ready for usage..

Android Tools

• **** QuarkEngine – An Obfuscation-Neglect Android Malware Scoring System

• *RePlugin - RePlugin - A flexible, stable, easy-to-use Android Plug-in Framework

• revealdroid - Paper - RevealDroid is a machine-learning based approach for detecting malicious Android apps and identifying their families that provides a selectable set of features for achieving different trade-offs between obfuscation resiliency,

• Droidcat– Paper - Unified Dynamic Detection of Malicious Android Apps.

• AndroPyTool – Paper - framework for automated extraction of static and dynamic features from Android applications

• Droidnative – Paper - The paper proposed DroidNative for detection of both bytecode and native code Android malware variants.

• Argus-SAF – Papers:Amandroid,JN-SAF - Argus static analysis framework-and have the capability to perform comprehensive, efficient and highly precise Inter-component Data Flow Analysis.

• MaMaDroid – Paper - Android malware detection system based on modeling the sequences of API calls as Markov chains.

• MaMaDroid – Paper - The DroidSafe project develops novel program analysis techniques to diagnose and remove malicious code from Android mobile applications.

• InputScope – Paper - static analysis tool to automatically uncover hidden behaviors from user-input validation in mobile apps.

• bytecode-viewer - A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

• AndroCompare – An efficient tool to do in-depth comparison of two android apps.

• FlowDroid – Atatically computes data flows in Android apps and Java programs.

• MobSF – Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

• androguard – Reverse engineering, Malware and goodware analysis of Android applications.

• COVA – A static analysis tool to compute path conditions.

• SEforAndroid – Security Enhancements (SE) for Android™ was a NSA-led project that created and released an open source reference implementation of how to enable and apply SELinux to Android.

• soot – A Java optimization framework-Call-graph construction

• droidbox – Dynamic analysis of Android apps

• dexmaker – A utility for doing compile or runtime code generation targeting Android's Dalvik VM

• virtualapk – Dynamically load and run an APK file

• GroddDroid – a framework for executing automatically malware on a smartphone, triggering its user interface

• avpass – Tool for leaking and bypassing Android malware detection system

• adagio – Paper -Structural Analysis and Detection of Android Malware

• JEB - Closed source - JEB is a disassembler and decompiler software for Android applications and native machine code.

• vdexExtractor - Command line tool to decompile and extract Android Dex bytecode from Vdex files that are generated along with Oat files when optimizing bytecode from dex2oat ART runtime compiler.other tools (lief, dextra, etc.)

• LIEF - LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.

• APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android.

• appmon - AppMon is an automated framework for monitoring and tampering system API calls of native macOS, iOS and android apps. It is based on Frida.

• simplify - Android virtual machine and deobfuscator.

• MARA_Framework - MARA is a Mobile Application Reverse engineering and Analysis Framework.

• smalisca - Static Code Analysis for Smali files.

• truegaze - Static analysis tool for Android/iOS apps focusing on security issues outside the source code.

• Pscout - Analyzing the Android Permission Specification,Android Permission Mapping tool.

• slicer - A tool to automate the recon process on an APK file.

• didfail – Paper -DidFail uses static analysis to detect potential leaks of sensitive information within a set of Android apps.

• androwarn – Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application.

• APKiD – Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android.

• Dexofuzzy – Paper - Dexofuzzy is a similarity digest hash for Android. It extracts Opcode Sequence from Dex file based on Ssdeep and generates hash that can be used for similarity comparison of Android App.

• AndroCFG - Extract both control flow graphs and code parts from APK based on API calls.

• exodus - εxodus is a privacy auditing platform for Android applications. It detects behaviors which can be dangerous for user privacy like ads, tracking, analytics, ….

Android Native Tools

• xHook - xHook is a PLT (Procedure Linkage Table) hook library for Android native ELF (executable and shared libraries).

• plthook - A utility library to hook library function calls issued by specified object files (executable and libraries).

Online Analyzers

• Android Observatory – The Android Observatory is a web interface to a large repository of Android applications. It allows users to search or browse through thousands of Android apps and retrieve metadata for those apps.
• Android APK Decompiler – Decompiling APK files made easy. Online decompiler.
• AndroidTotal – AndroTotal is a free service to scan suspicious APKs against multiple mobile antivirus apps.
• Anubis – Malware Analysis for Unknown Binaries.
• Akana – Akana is an online Android app Interactive Analysis Enviroment (IAE), which is combined with some plugins for checking the malicious app.
• App360Scan – Tells about permissons used by an Application and what harm it can cause to users.
• Baidu – It provides an online security analysis of Android apps.
• CopperDroid – It automatically perform out-of-the-box dynamic behavioral analysis of Android malware.
• Dexter – Dexter is an interactive Android software analysis environment with collaboration features.
• Eacus – A lite Android app analysis framework
• Mobile Sandbox – The Mobile-Sandbox provides static and dynamic malware analysis combined with machine learning techniques for Android applications.
• Sandroid – An automatic Android application analysis system
• Virus Total – VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
• AVC UnDroid – VC UnDroid is a free online service of AV-Comparatives that provides a static analysis of Android apps.
• jbxapi – The Joe Sandbox API Wrapper enables you to fully integrate Joe Sandbox into your malware analysis framework. Joe Sandbox is a deep malware analysis platform for analyzing malicious files..

Android Dataset

• android-malware - Collection of android malware samples

• Drebin Dataset - he dataset contains 5,560 applications from 179 different malware families. The samples have been collected in the period of August 2010 to October 2012 and were made available to us by the MobileSandbox project

Papers

Android Papers

• A Survey of Android Security Threats and Defenses – Bahman Rashidi∗and Carol Fun-2015

White Papers

• appknox – At Appknox , we are building world class mobile security solutions to help Developers, Security Researchers, Enterprises To build a safe and secure mobile ecosystem using a system plus human approach to outsmart Smartest hackers.

Researchers

• Bahman Rashidi – Research: Mobile Devices, Smartphone Privacy, Mobile Platform Development, Distributed Systems

• JunWei Song – Research: Mrsecurity, reverse engineering, and malware analysis

Links

• ***android-security - Android Security Resources Collection. 600+Tools, 1500+ Post

• ** DroidCC – Android malware detection using deep learning, contains malware samples, papers, tools etc.

• blackarch.org – Packages that manipulate mobile platforms.

• seal full list of classified paper - We presents a comprehensive review of the existing approaches for Android security analysis.

• AndroidReferences – We list the following literatures, tools, markets in a chronological order.

• wiki.secmobi.com – SecMobi Wiki is a collection of mobile security resources.

• Android Secure Coding Standard – The AndroidTM rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community.

• linuxsecurity – We are volunteering to index and categorize all security tools with an open source license.The database currently consists of 521 security tools.

• awesome-mobile-security – Maintained by @vaib25vicky with contributions from the security and developer communities.

• android-security-awesome – A collection of android security related resources.