Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.
التثبيت
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.
Android malware distributed as APK files can be statically analyzed to extract permissions, activities, services, broadcast receivers, and suspicious API calls without executing the sample. This skill uses androguard for programmatic APK analysis, identifying dangerous permission combinations, obfuscated code patterns, dynamic code loading, reflection-based API calls, and network communication indicators.
When to Use
When investigating security incidents that require analyzing android malware with apktool
When building detection rules or threat hunting queries for this domain
When SOC analysts need structured procedures for this analysis type
When validating security monitoring coverage for related attack techniques
Prerequisites
Python 3.9+ with androguard
apktool (for resource decompilation)
jadx (for Java source recovery, optional)
Isolated analysis environment (VM or sandbox)
Sample APK files for analysis
Steps
Parse APK with androguard to extract manifest metadata
Enumerate requested permissions and flag dangerous combinations
List activities, services, receivers, and providers from manifest
Scan for suspicious API calls (reflection, crypto, SMS, telephony)