Caleb Fenton
For anyone reading this, if you're using the latest rules, you should see `yara_undetected_dex` detections for any files which apkid thinks is a dex but yara doesn't.
Thanks for adding a rule! As for a review, basically everything @enovella said 💯 Also: Why do you think this is a variant of Tencent's Legu packer and not something...
I'm going to keep this open since:
- there's a sample
- it's obfuscated
- we don't detect it
It's unfortunate we don't know more details about what exactly it...
Thanks for reporting this!
I'll try and reproduce this when I'm in front of my laptop. Does the yara module not have a Match class anymore?
It looks like a standard packer. It must not be that popular, though, as I can only find two references to it: https://groups.google.com/forum/#!topic/android-x86/UcM95-Ehbjg (app won't install) https://www.jianshu.com/p/19b67c263207 (getting around the...
Fingerprinting native compilers (gcc, clang, llvm, etc.) is fine and totally in line with the project. We already do something similar for DEX files, and there was some research into...
Has this already been added with `Medusah (AppSolid)` ?
For context, there's already a PR: https://github.com/rednaga/APKiD/pull/299 And at least one issue: https://github.com/rednaga/APKiD/issues/297
We could use a small app or small bit of code as a test for many rules, but some may require professional/paid versions of apps which we wouldn't have....