VirusTotal, owned by Google, is a free online service that allows anyone to upload files to check them for viruses against dozens of antivirus engines simultaneously.
Android Sandbox performs both static and dynamic analysis to automatically detect suspicious applications by executing and monitoring applications in a simulated Android OS environment.
Replacing this existing system, VirusTotal Droidy has been integrated in the context of the multi-sandbox project and can extract “juicy” details, such as:
- Network communications and SMS-related activity
- Java reflection calls
- Filesystem interactions
- SQLite database usage
- Services started, stopped
- Permissions checked
- Registered receivers
- Crypto-related activity
Sample reports shared by VirusTotal:
- https://www.virustotal.com/#/file/5d26b7141f0d0f76a15ff7b5baf884139b1808ddca2eb8cb625bc89b5936b323/behavior
- https://www.virustotal.com/#/file/3efbb1acdc52153dd61ddafd25d2fbf8f68924b76093c462414097fb827a38c2/behavior
- https://www.virustotal.com/#/file/925f4f4cbc6ccbce10f33cd08a0201da507251854749546715f2a6dbcfba8044/behavior
- https://www.virustotal.com/#/file/cd7ee117b3bc93485c43717037f05ed01de08679cbad9d571ee43d8df0cd3031/behavior
How “VirusTotal Droidy” Is Better Than Older “VirusTotal Sandbox”
VirusTotal also shared another sample report generated using the older version of VirusTotal Sandbox.
“The richer the information that we generate for individual data set items, the greater the telescopic capabilities of VirusTotal,” the company said. “This is how we manage to fill in the dots and quickly see all activity tied to certain resources that often show up in malware investigations.”
A report generated using the new VirusTotal Droidy Android sandbox technology also includes interactive data from other services such as VirusTotal Intelligence and VirusTotal Graph.