This document describes tools included in the Android Reverse Engineering (A.R.E.) virtual machine from the Honeynet Project for analyzing Android malware. The A.R.E. VM includes tools for decompiling Android apps, disassembling Dalvik bytecode, inspecting app files and permissions, and monitoring apps dynamically in an instrumented Android virtual machine. It allows static and dynamic analysis of Android apps to identify malicious behavior and understand app functionality.