AnalyzingMobileMalware·Chapter8 285 The automatic mode uses command-line parameters to set all necessary parameters. It starts the ActiveSync connection and if needed the device emulator and the Device Emulator Manager. The analysis is started, and after an arbitrary time interval the analysis is terminated. The analysis target can be a Windows Mobile EXE file on the host computer or a file that is already on the device or the device emulator. Both modes are supported with one limitation: it is not possible to analyze EXE files in read-only memory. A restriction of the current MobileSandbox implementation is its ability to only handle EXE files. In the context of an automatic analysis system, it should be able to also handle installation archives. But with the local interface it is possible to install the archive manually and afterwards select the installed executable. Using the Web Interface The Web interface simplifies usage of MobileSandbox even more by taking care of most parameters by itself. The main parameter is the sample to be analyzed. The automatic analysis mode will be chosen and the device connection will be set up automatically. This has many advantages for getting a quick analysis of an unknown sample without the need to know about the fields of reverse-engineering or malware analysis. Analysis