I am analyzing a mobile malware sample and got a trouble. When i put sample in JADX, i see some dollar sign. I mean like this;
What does these dollar signs means?
Asked
Active
Viewed 139 times
1
-
Can be the name of an obfuscated method. In Jadx switch to smali code and check it out. Make sure you are using the latest unstable version of Jadx, often problems are already fixed in the latest unstable version. – Robert Sep 16 '21 at 08:25
1 Answers
1
I'm pretty sure you're analyzing the SOVA malware.
The $ is used for the encrypted string character buffer as a name, as well as for the function name to decrypt strings from it.
It's basically just a very short function and variable name and because they have distinct namespaces, they can be the same but be two different things.
Jadx allows you to rename the function if you wish, or as the comment suggests, enable deobfuscation and you'll get something like m123$() and f123$ instead.
Johann Aydinbas
- 1,391
- 7
- 11