├── README.md
├── ch3
    ├── ban.dex
    ├── com.bp.statis.bloodsugar.apk
    ├── fbhx1.dex
    ├── fbhx2.dex
    └── xn3o.dex
├── ch4
    ├── com.spike.old.apk
    └── hq.json.decrypted.dex
├── cover.webp
└── samples.md


/README.md:
--------------------------------------------------------------------------------
# The Android Malware Handbook

Welcome to the official GitHub repository of the Android Malware Handbook, a 2023 No Starch Press book about Android malware analysis and detection written by Qian Han, Salvador Mandujano, Sebastian Porst, V.S. Subrahmanian, Sai Deep Tetali, and Yanhai Xiong.


Book Websites: No Starch Press - Amazon

## Website Content

This repository contains materials discussed in the book, for example real malware samples analyzed in the book and hashes for malware samples that we encourage readers to take a look at.

* [samples.md](samples.md): Hashes of all the malware samples referenced in the book.
* [ch3](ch3): Malware files discussed in the Static Analysis chapter.
* [ch4](ch4): Malware files discussed in the Dynamic Analysis chapter.

## Leave Feedback

* If you found an error in the book, the code, or this website, please file an [Issue](https://github.com/android-malware-ml-book/book-content/issues) for us to work on.

--------------------------------------------------------------------------------
/ch3/ban.dex:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/android-malware-ml-book/book-content/74389bbaa9965cecfcbab5c8877b5c148592d1c9/ch3/ban.dex

--------------------------------------------------------------------------------
/ch3/com.bp.statis.bloodsugar.apk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/android-malware-ml-book/book-content/74389bbaa9965cecfcbab5c8877b5c148592d1c9/ch3/com.bp.statis.bloodsugar.apk

--------------------------------------------------------------------------------
/ch3/fbhx1.dex:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/android-malware-ml-book/book-content/74389bbaa9965cecfcbab5c8877b5c148592d1c9/ch3/fbhx1.dex

--------------------------------------------------------------------------------
/ch3/fbhx2.dex:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/android-malware-ml-book/book-content/74389bbaa9965cecfcbab5c8877b5c148592d1c9/ch3/fbhx2.dex
--------------------------------------------------------------------------------
/ch3/xn3o.dex:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/android-malware-ml-book/book-content/74389bbaa9965cecfcbab5c8877b5c148592d1c9/ch3/xn3o.dex

--------------------------------------------------------------------------------
/ch4/com.spike.old.apk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/android-malware-ml-book/book-content/74389bbaa9965cecfcbab5c8877b5c148592d1c9/ch4/com.spike.old.apk

--------------------------------------------------------------------------------
/ch4/hq.json.decrypted.dex:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/android-malware-ml-book/book-content/74389bbaa9965cecfcbab5c8877b5c148592d1c9/ch4/hq.json.decrypted.dex

--------------------------------------------------------------------------------
/cover.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/android-malware-ml-book/book-content/74389bbaa9965cecfcbab5c8877b5c148592d1c9/cover.webp

--------------------------------------------------------------------------------
/samples.md:
--------------------------------------------------------------------------------
This file provides a reference to all malware samples discussed in the book.
Samples are listed in order of appearance in the book.

Malware Family | Package Name | Version | SHA-256 Hash
----------------------------|---------------------------------------|---------------|-------------
Wallpaper | com.kk4.SkypeWallpapers | v3 | 8cab9f2e22e04342ddc1a8e0f0fbf4291f1f594992d417c8daa367b7c7dc28bd
Camera | com.batterypro | v4 | 29ee4791ba43fd1c1ceb1ddb8a5844d992bc2af27f7bcf449d5f8807ee97f222
Cricketland | masteryourgames.amazingalextoolbox | v12 | c4f0d0f79de0fa1fc00ff002a6f7685929312aa175c6cce15a549a82c6f0dad1
Dougaleaker | jp.co.dougastation | v12 | 83fd01d15c50a32a36a890278e0f6b1564a604ce1d4a9a78e5073c32832c8f0d
BeeKeeper | com.qiwi.application | v4 | 37f31fc6f97a4e5d50f493a77ceaba6e911da9f79397a903d179ad27004bffd5
RuPlay | flv.app | v118 | 6ed273a6186b204b6cff40022c864d038c38d53482e4c0a2573264113d14877b
RuFraud | com.wHillClimbRacingMoneyMod | v1366388635 | 9de85bccd1bcc75b51729645752633de4394865a3198bc5404bd7d40595094fc
WallySMS | com.albertech.harlemshake | v12 | 31f895829b742b019b64c448076c3b9eeb52a83492b4769593810c42ffba4810
Mono WAP | com.baibla.krasive | v1 | 9604c3c4fd40bd148bd4fc314cd0113e845127eb1cc85ecfa94704f6e64dee4f
Taicliphot | ncn.taicliphot | v1 | 38a3ffdd0c90b79a97df425c7d840568b3b45a5f47f9fbeae63338b0eff51416
Turkish Clicker | com.gkrj.djjsas | v2 | c9015ac72654ced7fc2ec732d7f27231478c7a74cfc7de235957a2920c377192
Gaiaphish | skt.faker.world | v3 | 936c4bbc00a1f06d2b6f86312576fe5f768f975c45aa67d2fedeb3d49d017517
Judy | air.com.eni.AnimalJudy035 | v1250000 | a72a20f83f543c7b512f8ea21d42ef986f5327c345890f219cae8d1b2e8bfaef
DressCode | com.dark.kazy.goddess.lp | v1 | d858da88107413e94c83454043cc0ba2c9c5c9bd7f1a562044c0b46f19497965
Joker | com.guo.smscolor.amessage | v5 | 5445
Triada | com.untory.run1 | v1 | 251cbc798c164f864363039763df1c1c49dfb3a5823304a10d085e4ec8dc2336
Snowfox | com.zg.magicDrop | v1 | 9097557059489910d146e2be88ae7da7939557b1ad6df6504bafb1c9d298debc
Hummingbad | com.swiping.whale | v262 | 783ad176f6ab6eb65fdf9360718fdf3a977389de301c4701b47e013544b40819
YouTube Downloader | com.google.android.youtube | v1599000099 | 428a
OneAudience | com.bestcoolfungames.cockroachsmasher | v10617 | 52f2cff7214e7cb0a9b86d0757e5f079100bf4dc4c1f404b2ffc8ce606a8fac5
Android.Click.312.Origin | com.happylife.callflash | v26 | dca489bcd45338a66685cf1f6bd798056aa6d368573cc94b12a44d318f8817f8
HDC Bookmark | com.hdc.bookmark52428 | v1 | 1ddaadc56da96d5235937eb50b177ea039e2ac59eb8c192592147972451ce733
Digitime | com.qiot.update | v1032 | 4529560f251fccab6c0eb035ee4956b95fde55a30ac52f1affbf7916076f0ec6
Joker | com.bp.statis.bloodsugar | v20 | adcf3f393214a0be321a22cf53fb5b39afb30404621468013295c58119e2f11f
Xenomorph Downloader | vizeeva.fast.cleaner | v4 | 8f50
Xenomorph | com.spike.old | v1 | 2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850
Fakebank | com.a | v152 | 0add
Rootnik | com.web.sdfile | v2 | f2144da71cd3f178bb2f7aaeca356fc2131873d76af3bd1839ac4b8a7c5fecbb
DroidDream | com.fall.down | v1 | 7d1d626def8ec6a0a9d2dbd22831e680c88ff823f77b9a5f61e815af5ea0574a
Qibla Compass Ramadan | ramadan.com.ramadan | v4 | 9cefe3e8740897585aa72de5fca33603979ef6c7faaf61f5f391b47829e38e80
Bankbot | com.interactive.crutch | v1 | 9b14d7fcd2fde218670621c21ca6ed774ad7467d63d8549de37b4d1a3547bd7f
Marcher | com.fasstr | v1 | c219719a84c12a8288396698ff5e1141311107b798e635694b325b86139dcffa
Simplocker | qok.wrrgz.xcfwc | v1 | a10bcbeabfee2a4dbf7878ee0963f56a1d5c98fd1e2101e36ffba62c729438a2
BeeKeeper | angrybirds.app | v16 | 51fec49a8d0ba06948612975d37386b5abaa32ce977be65bfcef887d6a06abb9

--------------------------------------------------------------------------------