Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and dynamic features. These techniques reduce the effectiveness of signature-based systems and degrade the reliability of Machine Learning models that depend on explicit semantic indicators such as permissions, API calls, or control-flow structures. In this work, we propose \approachname, a memory forensics malware detection framework that shifts the analysis perspective from semantic program modeling to signal-based structural representation. Both static bytecode and early-execution memory snapshots are transformed into audio waveforms through direct binary-to-waveform mapping, preserving low-level structural patterns without requiring disassembly or feature engineering. The resulting signals are processed using handcrafted spectral descriptors, Convolutional Neural Networks, and transformer-based embeddings. Experiments on the CICMalDroid2020 dataset and on VirusTotal malware demonstrate that \approachname achieves up to 98.0\% accuracy, outperforming static sonification and competitive state-of-the-art approaches.
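The following is an added illustration of the front half of the pipeline the abstract sketches (binary-to-waveform mapping followed by handcrafted spectral descriptors); it is not code from the \approachname paper, whose exact mapping, frame size and descriptor set are not stated here. The byte-to-sample mapping centred on 127.5, the 64-sample frames, and the choice of spectral centroid, spectral flatness and zero-crossing rate are all assumptions made for the example; the two inputs are constructed stand-ins (a periodic table of fixed-width records versus a pseudo-random blob such as a packed payload) rather than bytes from any real APK or memory dump. The point it shows is that the descriptors separate structured from high-entropy regions without disassembling anything.

```python
import cmath
import math
from typing import Dict, List

# Constructed sample inputs (not taken from any real APK or memory snapshot).
# STRUCTURED mimics a table of fixed-width 16-byte records, the kind of layout
# found in bytecode headers and memory-resident data structures: strongly periodic.
STRUCTURED = bytes(range(0, 256, 16)) * 8          # 128 bytes, period 16


def _lcg_bytes(n: int, seed: int = 42) -> bytes:
    """Deterministic pseudo-random bytes standing in for a packed/encrypted region."""
    out, x = bytearray(), seed
    for _ in range(n):
        x = (1103515245 * x + 12345) % 2 ** 31
        out.append((x >> 16) & 0xFF)             # use the better-mixed middle bits
    return bytes(out)


HIGH_ENTROPY = _lcg_bytes(128)


def bytes_to_waveform(data: bytes) -> List[float]:
    """Direct binary-to-waveform mapping (assumed): one byte -> one PCM-style sample in [-1, 1]."""
    return [(b - 127.5) / 127.5 for b in data]


def magnitude_spectrum(frame: List[float]) -> List[float]:
    """Naive DFT of a real frame; returns |X[k]| for k = 0 .. N/2 (pure Python, no numpy)."""
    n = len(frame)
    mags = []
    for k in range(n // 2 + 1):
        acc = 0j
        for t, x in enumerate(frame):
            acc += x * cmath.exp(-2j * math.pi * k * t / n)
        mags.append(abs(acc))
    return mags


def spectral_centroid(mags: List[float]) -> float:
    """Magnitude-weighted mean bin index: where in frequency the energy sits."""
    total = sum(mags)
    return sum(k * m for k, m in enumerate(mags)) / total if total else 0.0


def spectral_flatness(mags: List[float]) -> float:
    """Geometric / arithmetic mean of the magnitudes: near 1 for noise-like, near 0 for peaky spectra."""
    eps = 1e-12                                   # keeps log() defined on empty bins
    vals = [m + eps for m in mags]
    geo = math.exp(sum(math.log(v) for v in vals) / len(vals))
    return geo / (sum(vals) / len(vals))


def zero_crossing_rate(frame: List[float]) -> float:
    """Fraction of adjacent sample pairs whose sign differs."""
    crossings = sum(1 for a, b in zip(frame, frame[1:]) if (a >= 0) != (b >= 0))
    return crossings / (len(frame) - 1)


def describe(data: bytes, frame_size: int = 64) -> Dict[str, float]:
    """Frame the waveform, compute per-frame descriptors, average them into one feature vector."""
    wave = bytes_to_waveform(data)
    frames = [wave[i:i + frame_size]
              for i in range(0, len(wave) - frame_size + 1, frame_size)]
    feats: Dict[str, List[float]] = {"centroid": [], "flatness": [], "zcr": []}
    for frame in frames:
        mags = magnitude_spectrum(frame)
        mags[0] = 0.0                             # drop DC: the mean byte value is not structure
        feats["centroid"].append(spectral_centroid(mags))
        feats["flatness"].append(spectral_flatness(mags))
        feats["zcr"].append(zero_crossing_rate(frame))
    return {k: sum(v) / len(v) for k, v in feats.items()}


if __name__ == "__main__":
    for name, blob in (("structured", STRUCTURED), ("high_entropy", HIGH_ENTROPY)):
        print(name, {k: round(v, 4) for k, v in describe(blob).items()})
```

The same `describe` function applies unchanged to a static bytecode file and to a captured memory region, which is what makes the representation attractive against obfuscation: a packer can rename every method, but it cannot make a periodic record table look like noise without also changing how the loader reads it. In a real detector these per-frame vectors would be the input to the CNN or transformer stage rather than averaged into three numbers.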