Skill

analyzing-android-malware-with-apktool

From asi

Performs static analysis of Android APK malware using apktool for decompilation, jadx for Java source recovery, and androguard for permissions, manifest, and suspicious API detection.

Android

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Android malware distributed as APK files can be statically analyzed to extract permissions, activities, services, broadcast receivers, and suspicious API calls without executing the sample. This skill uses androguard for programmatic APK analysis, identifying dangerous permission combinations, obfuscated code patterns, dynamic code loading, reflection-based API calls, and network communication ...

SKILL.md

Similar Skills

analyzing-android-malware-with-apktool

5.9k

Performs static analysis of Android APK malware using apktool, jadx, and androguard to detect permissions, manifest components, suspicious APIs, and network indicators.

3 files

cybersecurity-skills

analyzing-android-malware-with-apktool

Performs static analysis on Android APK malware using apktool for decompilation, jadx for Java source recovery, and androguard for permissions, manifest checks, suspicious APIs, and risk reports.

3 files

cybersecurity-skills-zh

reverse-engineering-android-malware-with-jadx

Reverse engineers Android APK malware using JADX to decompile Java/Kotlin code, identify data theft, C2 communication, privilege escalation, overlay attacks, and examine permissions/services.

asi

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Analyzing Android Malware with Apktool

Overview

When to Use

When investigating security incidents that require analyzing android malware with apktool

When building detection rules or threat hunting queries for this domain

When SOC analysts need structured procedures for this analysis type

When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.9+ with androguard

apktool (for resource decompilation)

jadx (for Java source recovery, optional)

Isolated analysis environment (VM or sandbox)

Sample APK files for analysis

Steps

Parse APK with androguard to extract manifest metadata

Enumerate requested permissions and flag dangerous combinations

List activities, services, receivers, and providers from manifest

Scan for suspicious API calls (reflection, crypto, SMS, telephony)

Detect dynamic code loading patterns (DexClassLoader, Runtime.exec)

Extract hardcoded URLs, IPs, and C2 indicators from strings

Generate risk assessment report with MITRE ATT&CK mobile mappings

Expected Output

JSON report with permission analysis, component listing, suspicious API calls, network indicators, and risk score

Extracted strings and potential IOCs from the APK