Quark Engine – Android Malware Scoring System

Quark Engine is open source software for automating the analysis of suspicious Android applications. To do so, it uses a custom Dalvik bytecode loader and a unique scoring system that detect malicious behaviors and calculate a threat level.


The tool analyzes the malicious file in five stages to determine whether malicious activity is being practiced. The concept is that the later the stage reached, the more certain it is that the crime is practiced. The stages are as follows:

  1. Permission requested.
  2. Native API call.
  3. Certain combination of native API.
  4. Calling sequence of native API.
  5. APIs that handle the same register.

Technically, this tool will obfuscate the suspicious application and analyze it to check whether any rule is violated, for example: delete an SMS, send a file via SMS, send a contact via SMS, send a contact via socket, send the location via SMS, or send a recording via socket.

Malware has evolved with new techniques that make reverse engineering more difficult, and obfuscation is one of the most commonly used. The Dalvik bytecode loader provides two functionalities: first, finding the cross-references and calling sequence of the native APIs; second, tracing the bytecode registers. The combination of these functionalities not only can neglect obfuscation but also matches the design of the malware scoring system.
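To make the five stages and the register check concrete, here is an added example (not Quark Engine's own code or API) that scores a constructed method listing against one rule. The names `Invoke`, `Rule` and `stage_reached` are hypothetical, and stage 5 is simplified to "both calls touch a common register" rather than full register tracing.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoke:
    api: str      # framework API being invoked
    regs: tuple   # registers it touches (arguments and move-result target)

@dataclass(frozen=True)
class Rule:
    crime: str
    permissions: frozenset
    first_api: str
    second_api: str

def stage_reached(permissions, methods, rule):
    """Return the highest stage (0-5) the app evidence satisfies for rule.

    permissions: permission strings requested in the manifest
    methods: dict of method name -> list of Invoke in bytecode order
    """
    if not rule.permissions <= set(permissions):
        return 0                      # no stage reached
    wanted = {rule.first_api, rule.second_api}
    called = {inv.api for body in methods.values() for inv in body}
    if not wanted & called:
        return 1                      # stage 1: permission requested
    if not wanted <= called:
        return 2                      # stage 2: a native API is called
    stage = 3                         # stage 3: the combination is present
    for body in methods.values():
        for i, first in enumerate(body):
            if first.api != rule.first_api:
                continue
            for second in body[i + 1:]:
                if second.api != rule.second_api:
                    continue
                stage = max(stage, 4)             # stage 4: calling sequence
                if set(first.regs) & set(second.regs):
                    return 5                      # stage 5: same register
    return stage

LOC = "Landroid/location/LocationManager;->getLastKnownLocation"
SMS = "Landroid/telephony/SmsManager;->sendTextMessage"
RULE = Rule("Send the location via SMS",
            frozenset({"android.permission.SEND_SMS",
                       "android.permission.ACCESS_FINE_LOCATION"}), LOC, SMS)
# Constructed sample: the renamed method "La/b;->c" still exposes framework calls.
SAMPLE = {"La/b;->c": [Invoke(LOC, ("v0", "v1", "v2")),
                       Invoke(SMS, ("v3", "v4", "v5", "v2"))]}

if __name__ == "__main__":
    print(RULE.crime, "-> stage", stage_reached(RULE.permissions, SAMPLE, RULE))
```

Because the check keys on framework API names, call order and registers, renaming the application's own classes and methods does not change the stage reached.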

You can read more and download this tool over here: https://github.com/quark-engine/quark-engine
