Introduction
I have written about VirusTotal's smart search before (see reference 1), but that post was not specific to the Android platform, so here are a few examples of searching for Android samples.
Examples
- Samples whose file type is APK, that Kaspersky labels as spy, and that are detected by exactly 5 vendors in total.
tag:apk kaspersky:spy positives:5
- Building on the first example, samples detected by 5 or more vendors.
tag:apk kaspersky:spy positives:5+
- APK samples that at least one vendor labels as scam.
tag:apk engines:scam
- Building on the third example, you can also search for samples of a specific family, such as fake, repack, or banker.
- APK samples detected by 5 or more vendors, where at least one vendor labels them as phishing.
tag:apk engines:phishing positives:5+
- Samples whose dex strings contain the string get_sms.
tag:apk androguard:get_sms
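To make the difference between these modifiers concrete, here is an added example (not code from the original post and not VirusTotal's implementation) that evaluates the queries above against constructed sample records. The record layout, the case-insensitive substring matching, and the names SAMPLES, term_matches and search are assumptions made for illustration.

```python
import re

# Constructed records (not real VirusTotal data): engine -> label, None = no detection.
SAMPLES = {
    "sample-a": {"tags": ["apk"], "androguard": "get_sms send_sms",
                 "detections": {"Kaspersky": "HEUR:Trojan-Spy.AndroidOS.Agent.x",
                                "EngineB": "Android.Spy.1", "EngineC": "Spyware.Gen",
                                "EngineD": "Trojan.Generic", "EngineE": "Andr.Spy",
                                "EngineF": None}},
    "sample-b": {"tags": ["apk"], "androguard": "get_contacts",
                 "detections": {"Kaspersky": "Trojan-Spy.AndroidOS.Fake.y",
                                "EngineB": "Android.Phishing.2", "EngineC": "Banker.Gen",
                                "EngineD": "Trojan.Generic", "EngineE": "Andr.Spy",
                                "EngineF": "Riskware", "EngineG": "Malicious"}},
    "sample-c": {"tags": ["apk"], "androguard": "open_url",
                 "detections": {"Kaspersky": None, "EngineB": "Android.Scam.3",
                                "EngineC": "Scam.Gen"}},
    "sample-d": {"tags": ["peexe"], "androguard": "",
                 "detections": {"Kaspersky": "Trojan-Spy.Win32.Agent.z",
                                "EngineB": "W32.Spy", "EngineC": "Spy.Gen",
                                "EngineD": "Trojan.Generic", "EngineE": "Win.Spy",
                                "EngineF": "Malicious"}},
}

def positives(rec):
    """Number of engines that returned a detection label."""
    return sum(1 for label in rec["detections"].values() if label)

def term_matches(rec, key, value):
    """Evaluate one modifier:value term against a record (assumed semantics)."""
    key, value = key.lower(), value.lower()
    if key == "tag":
        return value in rec["tags"]
    if key == "positives":                      # "5" = exactly 5, "5+" = 5 or more
        m = re.fullmatch(r"(\d+)(\+?)", value)
        if not m:
            raise ValueError(f"bad positives value: {value!r}")
        n = int(m.group(1))
        return positives(rec) >= n if m.group(2) else positives(rec) == n
    if key == "engines":                        # any engine's label contains value
        return any(value in (l or "").lower() for l in rec["detections"].values())
    if key == "androguard":
        return value in rec["androguard"].lower()
    # Any other key is treated as one named engine, e.g. kaspersky:spy
    return any(e.lower() == key and label and value in label.lower()
               for e, label in rec["detections"].items())

def search(query, samples=SAMPLES):
    """Return names of records matching every space-separated term (implicit AND)."""
    terms = [t.split(":", 1) for t in query.split()]
    return sorted(n for n, r in samples.items()
                  if all(term_matches(r, k, v) for k, v in terms))
```
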
Reference
- https://blog.csdn.net/ybdesire/article/details/121665678