check if process is running under Android emulator on Android

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: check if process is running under Android emulator on Android
    namespace: anti-analysis/anti-emulation/android
    authors:
      - mehunhoff@google.com
    scopes:
      static: function
      dynamic: call
    references:
      - https://github.com/happylishang/AntiFakerAndroidChecker/blob/master/antifake/src/main/jni/emulator/emcheck64.c
  features:
    - and:
      - or:
        - os: linux
        - os: android
      - string: "com/snail/antifake/jni/EmulatorDetectUtil"
      - optional:
        - string: "getSystemArch"

last edited: 2024-05-31 17:24:19