Unmasking Android Malware: A Deep Dive into a New Rootnik Variant, Part II

In Part I of this blog, I finished the analysis of the native layer of a newly discovered Rootnik malware variant and obtained the decrypted real DEX file. Here in Part II, we continue our analysis.

A look into the decrypted real DEX file

The entry of the decrypted DEX file is the class demo.outerappshell.OuterShellApp. The definition of the class OuterShellApp is shown below.

Figure 1. The class demo.outerappshell.OuterShellApp

We will first analyze the function attachBaseContext(). The following is the function aBC() in the class…

Article Link: https://blog.fortinet.com/2017/07/09/unmasking-android-malware-a-deep-dive-into-a-new-rootnik-variant-part-ii