
Apk Search

Koodous has a large database of sample Apks.

Searches can be performed through the Koodous website or through the API; for more information, see the apk endpoints.

Samples can be downloaded according to the limits per user type.

[Image: Koodous apk detail]

Apk search system

The Koodous apk search system lets you apply a multitude of filters to the information fields of the Apks, so you can find the ones you want.

Two basic examples of a search are app: Whatsapp AND package: com.whatsapp, and package: com.google.android.videos AND trusted: true.

A regular search is performed by entering a text string in the search field. It finds Apks that have that string in:

  • Package name.

  • Company name.

  • Application name.

  • Hash (this field is also searched if the string entered is a valid sha1, sha256 or md5 hash).

The conditional operators AND, OR and - (NOT), together with grouping by parentheses, allow the creation of complex searches. If several searches are chained together separated by spaces, the AND operator is automatically applied between them.

Modifiers whose values have an order (size, date, rating) allow the use of the sorting operators: <, <=, >, >=.

Examples of regular searches with conditions and compositions:

  • 66038ee31eea9fa77cb657299edcca9f66b9ba26af0c9eb514aff39abfd2b68c: searches on the package name, company name, application name and hash fields, the last being the only one that is really of interest for this string.

  • Whatsapp: searches on the package name, company name and application name fields.

  • Whatsapp -com.whatsapp: searches for the string Whatsapp in any of the fields of the regular search, without the string com.whatsapp appearing in any of them.

  • "Whatsapp Plus": searches for the string Whatsapp Plus in any of the fields of the regular search.

  • Whatsapp AND Facebook: searches for both of these words in the regular search fields.

  • Whatsapp OR Facebook: searches for either of these words in the regular search fields.

  • (Whatsapp OR Facebook) -(com.principal OR com.whatsapp): searches for any of the two words in the first group, while excluding those in the second group.
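
The example searches above can be checked against a local model of the regular search. This is an added sketch, not Koodous code: the sample records are constructed, hash lookup is left out, matching is assumed to be a case-insensitive substring test, and OR is assumed to bind more loosely than AND (the page does not state precedence).

```python
import re

# Constructed sample records: (app name, package name, company name).
APKS = [("WhatsApp", "com.whatsapp", "WhatsApp Inc."),
        ("Whatsapp Plus", "com.principal", "Unknown"),
        ("Facebook", "com.facebook.katana", "Facebook"),
        ("Whatsapp Stickers", "org.example.stickers", "Example")]
TOKEN = re.compile(r'"([^"]*)"|(\(|\)|-(?=[\w"(])|[^\s()]+)')
OPS = ("(", ")", "-", "AND", "OR")

def compile_query(query):
    # A quoted phrase is always a term; bare AND, OR, -, ( and ) are operators.
    toks = [("TERM", q) if q is not None else ("OP" if b in OPS else "TERM", b)
            for q, b in (m.groups() for m in TOKEN.finditer(query))]
    toks.append(("END", ""))
    def unary():
        kind, val = toks.pop(0)
        if (kind, val) == ("OP", "-"):            # NOT
            inner = unary()
            return lambda rec: not inner(rec)
        if (kind, val) == ("OP", "("):
            inner = either()
            if toks.pop(0) != ("OP", ")"):
                raise ValueError("missing ')'")
            return inner
        if kind != "TERM":
            raise ValueError(f"unexpected {val!r}")
        return lambda rec: any(val.lower() in field.lower() for field in rec)
    def both():                                   # explicit or implicit AND
        parts = [unary()]
        while toks[0] not in (("OP", "OR"), ("OP", ")"), ("END", "")):
            if toks[0] == ("OP", "AND"):
                toks.pop(0)
            parts.append(unary())
        return lambda rec: all(p(rec) for p in parts)
    def either():                                 # OR binds loosest (assumption)
        parts = [both()]
        while toks[0] == ("OP", "OR"):
            toks.pop(0)
            parts.append(both())
        return lambda rec: any(p(rec) for p in parts)
    matches = either()
    if toks[0] != ("END", ""):
        raise ValueError("unbalanced ')'")
    return matches

def search(query):
    matches = compile_query(query)
    return [rec[1] for rec in APKS if matches(rec)]
```

`search()` returns the package names of the matching sample records, so the effect of an exclusion such as -com.whatsapp is visible directly.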

Modifiers for advanced search

| Attribute | Modifier | Description |
| --- | --- | --- |
| Hash | hash: | Searches by the given hash; the hash type is determined automatically. The accepted hashes are sha1, sha256 and md5. |
| App name | app: | Searches for the specified app name. A compound name can be searched by enclosing it in quotes, for example: app: "Whatsapp premium". |
| Package name | package: | Searches whether the package name contains the indicated string, for example: package: com.whatsapp. |
| Name of the developer or company | developer: or company: | Searches whether the company or developer field includes the indicated string, for example: developer: "WhatsApp Inc.". |
| Version | version: | Searches whether the string of the app version matches the one specified, for example: version: 2.22.4.1. |
| Package size | size: | Searches whether the size of the package matches the one specified. Comparators can also be used to search for a size that is smaller, smaller or equal, larger, or larger or equal. For example: size: < 2000 or size: >= 125125. The unit of size is the byte. |
| Tag | tag: | Searches whether the apk has the specified tag, for example: tag: playstore. |
| Date | date: | Searches by the date of entry into the system. Comparators or a range can be used, for example: date: [2021-03-25, 2021-03-26], date: > 2021-03-25. |
| Detected | detected: | Filters apks that have been marked as detected (malware), for example: detected: true or detected: false. |
| Analyzed | analyzed: | Filters apks that have already been analyzed, for example: analyzed: T or analyzed: F. |
| Rating | rating: | Searches by community rating. Comparators can be used with this modifier, for example: rating: <0, rating: >= 2. |
| Installed | installed: | Filters whether the application is installed on any device, for example: installed: 1 or installed: false. |
| Trusted | trusted: | Filters for applications that have been marked as trusted, for example: trusted: true or trusted: false. |
| Corrupted | corrupted: | Filters for applications that have been marked as corrupted. An apk is flagged as corrupted when the .dex file, a resource file or the certificate could not be detected. Many apks installed on devices do not have a default certificate; this may result in those apks being considered corrupt. For example: corrupted: true or corrupted: false. |
| Certificate | certificate: or cert: | Searches the apps by their certificate. For example: cert: 60BBF1896747E313B240EE2A54679BB0CE4A5023 or certificate: 38A0F7D505FE18FEC64FBF343ECAAAF310DBD799. |
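
A client-side check for a single advanced search term, useful when queries are generated by a script and a mistyped modifier or value should be caught before the search is run. This is an added example, not Koodous code: `check_term` and its return tuples are hypothetical, the accepted value forms are inferred from the examples on this page, and treating `0` as false and sizes and ratings as integers are assumptions.

```python
import re
from datetime import date

HASHES = {32: "md5", 40: "sha1", 64: "sha256"}
ORDERED = {"size": int, "rating": int, "date": date.fromisoformat}
FLAGS = {"detected", "analyzed", "installed", "trusted", "corrupted"}
TEXT = {"app", "package", "developer", "company", "version", "tag"}
TRUE, FALSE = {"true", "t", "1"}, {"false", "f", "0"}  # "0" is assumed

def check_term(term):
    """Parse one 'modifier: value' term; raise ValueError if malformed."""
    name, _, value = (part.strip() for part in term.partition(":"))
    if not value:
        raise ValueError("expected 'modifier: value'")
    if name in ("hash", "cert", "certificate"):
        if not re.fullmatch(r"[0-9a-fA-F]+", value):
            raise ValueError("value is not hexadecimal")
        if name != "hash":
            return (name, "hex", value)
        if len(value) not in HASHES:
            raise ValueError("hash must be md5, sha1 or sha256")
        return (name, HASHES[len(value)], value)
    if name in ORDERED:
        conv = ORDERED[name]
        rng = re.fullmatch(r"\[\s*(\S+?)\s*,\s*(\S+?)\s*\]", value)
        if rng and name == "date":       # range form is documented for date:
            lo, hi = conv(rng[1]), conv(rng[2])
            if lo > hi:
                raise ValueError("range start is after range end")
            return (name, "range", (lo, hi))
        cmp_ = re.fullmatch(r"(<=|>=|<|>|)\s*(\S+)", value)
        if not cmp_:
            raise ValueError("expected an optional <, <=, > or >= and a value")
        return (name, cmp_[1] or "=", conv(cmp_[2]))
    if name in FLAGS:
        if value.lower() not in TRUE | FALSE:
            raise ValueError("expected true/false, T/F or 1/0")
        return (name, "flag", value.lower() in TRUE)
    if name in TEXT:
        if " " in value and not (value[0] == value[-1] == '"'):
            raise ValueError("compound value must be quoted")
        return (name, "text", value.strip('"'))
    raise ValueError(f"unknown modifier {name!r}")
```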

Information about Apks

Some Apks carry the corrupted tag. This indicates that the .dex file, a resource or the certificate could not be detected. Many applications installed on devices do not have a certificate by default, which is why they are considered to be corrupt.

Applications may have been analyzed with Androguard, Droidbox, and Cuckoo. If they have not, the analysis can be requested, and the user will be notified when it is finished.

Copyright © 2022, Koodous | Last updated on 13 May 2022.