load packed DEX via Jiagu on Android

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: load packed DEX via Jiagu on Android
    namespace: anti-analysis
    authors:
      - mehunhoff@google.com
    scopes:
      static: function
      dynamic: thread
    references:
      - https://github.com/Frezrik/Jiagu
  features:
    - and:
      - os: android
      - string: "NDK_JIAGU"
      - string: "[-]get %s handle failed:%s"
      - string: "[-]ANONYMOUS mmap failed:%s"
      - string: "[-]g_sdk_int Update cookie failed"
      - string: "dalvik/system/InMemoryDexClassLoader"

last edited: 2024-06-11 18:10:57