VirusTotal, the aggregated antivirus scanning engine owned by Google, announced today a new Android sandbox technology named Droidy.

The feature, already live on the site, is a simulated Android OS environment meant for analyzing Android app behavior and producing reports for users and security researchers alike.

The additional behavioral details included in these reports should help security researchers confirm the malicious classification of VirusTotal scan results or, in some cases, overturn them.

Droidy is VT's next-gen Android sandbox

VirusTotal says Droidy is an improvement on its original Android sandbox environment, which the company first deployed in 2013, a year after Google bought the service.

The new Droidy sandbox will be able to provide additional information about a malware strain's activities, such as:

Network communications and SMS-related activity

Java reflection calls

Filesystem interactions

SQLite database usage

Services started, stopped, etc.

Permissions checked

Registered receivers

Crypto-related activity

To access a Droidy sandbox report, users must go to the VirusTotal page's Behavior tab and select Droidy from the dropdown list at the top. Currently, three options are available for Android malware analysis: VirusTotal Sandbox, VirusTotal Droidy, and Tencent HABO.

Droidy integrates with VTI and VT Graph

Naturally, all Droidy report details are also pulled into other VirusTotal features, such as VirusTotal Intelligence and VirusTotal Graph.

"The richer the information that we generate for individual data set items, the greater the telescopic capabilities of VirusTotal," said Emiliano Martinez, a developer for VirusTotal. "This is how we manage to fill in the dots and quickly see all activity tied to certain resources that often show up in malware investigations."

Here are a few malware samples for which Droidy reports are currently available: