This study addresses the challenge posed by Android malware that evades traditional semantic-based detection through code obfuscation and dynamic loading. To overcome this limitation, the authors propose a novel approach that bypasses disassembly and manual feature engineering by directly mapping an application’s static bytecode and memory snapshots into audio waveforms. Leveraging signal processing and deep learning, the method uncovers intrinsic structural patterns in the data. This work pioneers the direct sonification of binary artifacts for Android memory forensics, eliminating reliance on high-level semantic features and demonstrating robustness against modern obfuscation and steganographic techniques. By integrating handcrafted spectral descriptors with CNN and Transformer embeddings, the approach achieves a 98.0% accuracy on the CICMalDroid2020 and VirusTotal datasets, significantly outperforming existing static sonification methods and state-of-the-art detection systems.

Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and dynamic features. These techniques reduce the effectiveness of signature-based systems and degrade the reliability of Machine Learning models that depend on explicit semantic indicators such as permissions, API calls, or control-flow structures. In this work, we propose \approachname, a memory forensics malware detection framework that shifts the analysis perspective from semantic program modeling to signal-based structural representation. Both static bytecode and early-execution memory snapshots are transformed into audio waveforms through direct binary-to-waveform mapping, preserving low-level structural patterns without requiring disassembly or feature engineering. The resulting signals are processed using handcrafted spectral descriptors, Convolutional Neural Networks, and transformer-based embeddings. Experiments on CICMalDroid2020 dataset and VirusTotal malware demonstrate that \approachname achieves up to 98.0\% accuracy, outperforming static sonification and competitive state-of-the-art approaches.