主权项 |
1. A method for identifying virus APK, comprising:
presetting a virus database comprising virus characteristic codes, wherein the presetting the virus database further including:
scanning an executable file in a source Android package APK,extracting specific data in the executable file,determining whether the specific data contain virus information, wherein the specific data include header information of the executable file, constants in a constant pool of the executable file, or operation instructions in the executable file,in response to a determination that the specific data in the executable file contain virus information, generating the virus characteristic codes according to the specific data, andstoring the virus characteristic codes to the virus database; detecting that a designated file in a target Android installation package APK contains at least one of the virus characteristic codes; and if yes, determining that the target Android installation package APK is a virus APK; wherein the virus characteristic codes comprises: header information characteristic code, constant characteristic code, operand characteristic code, instruction characteristic code, instruction characteristic code sequence, and class name function name characteristic code; the operation instructions in the executable file comprise two portions: opcode and operand; wherein the header information characteristic code, constant characteristic code, operand characteristic code, and class name function name characteristic code are directly generated according to the header information, constant, operand, and class name function name including the virus information; and wherein the instruction characteristic code and the instruction characteristic code sequence are directly generated according to the operation instruction including the virus information, or generated according to the opcode and the character string or wildcard of the operand including the virus information. |