Analysis of Uapush Malware Infection using Static and Behavior Method on Android

Analysis of Uapush Malware Infection using Static and Behavior Method on Android

Syaifuddin Syaifuddin, Zamah Sari, Mohammad Khairul Masduqi


This research combines static and behavior analysis to detect malwares on Android system. The analysis process was completed by implementing analysis process on a malware-infected application running on an Android device. The analysis process was implemented based on specific stages, started from implementing behavior analysis on a malware-infected application running on Android device. Moreover, this behavior analysis ran the application on an Android emulator; afterwards, the file processing running on Android would be analyzed using the tool designed on this research to determine whether or not the executed application has been infected by malware. By utilizing behavior analysis, this research aimed to construct LiME kernel module being able to be executed on Android to collect data running on Android memory. This collected data would be analyzed further using volatility as data scanning. The second analysis utilized static analysis by checking the application on android system before running. During the static analysis, the application extraction was executed to generate some files to be analyzed to verify malware infection.


Malware, Android, Virtualization, Uapush

Full Text:



[1] A. Kurniawan and Y. Prayudi, “Live Forensics Technique on Zeus Malware Activities to Support Malware Forensic Investigation,” HADFEX (Hacking Digital Forensics Exposed), June 2014, Pp. 1–5, 2014.

[2] R. Novrianda, Y. N. Kunang, and P. H. Shaksono, “Malware Forensics Analysis in Android Platform,” 2014.

[3] P. Richardus and E. Indrajit, “Malware Analysis.”

[4] R. A. Pangestu, “Analysis of Top 3 High Level Malware Infections on Zeroaccess, Alureon.dx, and Zeus using Digital Forensics based on Volatile Memory in Windows XP and Windows 7 Operation Systems,” University of Stuttgart, No. 9560291, Pp. 2–4, 2012.

[5] N. Threat, I. Report, N. Security, N. Threat, and I. Laboratories, “Nokia Threat Intelligence Report,” 2016.

[6] Y.-H. C. Ming-yang su, Kek-Tung Fung, Yu-Hao Huang, and Ming-Zhi Kang, “Detection of Android Malware: Combined with Static Analysis and Dynamic Analysis,” IEEE, Pp. 1013–1018, 2016.

[7] M. F. Agung, “Basic Concept of Malware Analysis,” 2011.

[8] R. Adenansi and L. A. Novarina, “Malware Dynamic,” Vol. 1, Pp. 37–43, 2017.

[9] F. Freiling, “Practical Infeasibility of Android Smartphone Live Forensics,” Practical Infeasibility of Android Smartphone Live Forensics, 2015.

[10] Carbone, Richard. “Malware Memory Analysis of the IVYL Linux Rootkit: Investigating a Publicly Available Linux Rootkit Using the Volatility Memory Analysis Framework,” Defence Research and Development Canada-Valcartier Research Centre Quebec, Quebec Canada, 2015.


  • There are currently no refbacks.

Referencing Software:

Checked by:

Supervised by:


View My Stats

Creative Commons License Kinetik : Game Technology, Information System, Computer Network, Computing, Electronics, and Control by is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.