Title of invention |
Method and apparatus for determining malicious program |
Abstract |
Various embodiments provide methods, apparatus, and computer readable medium for determining a malicious program. In an exemplary method, a specific application programming interface (API) within an application program can be obtained. Call logic for calling the specific API can be determined. The call logic can include a triggering event to trigger the specific API to be called, a feedback path provided after the specific API is called, or a combination thereof. Whether the application program is a malicious program can be determined according to the call logic. |
Publication number |
US9158918(B2) |
Publication date |
2015.10.13 |
Application number |
US201314087030 |
Application date |
2013.11.22 |
Applicant |
TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED |
Inventors |
Li Wei;Tong Yongliang |
Classification |
G06F21/00;G06F21/56 |
Main classification |
G06F21/00 |
Agency |
Anova Law Group, PLLC |
Agent |
Anova Law Group, PLLC |
Principal claim |
1. A method for determining a malicious program, comprising:
decompiling an application program to obtain a decompiled code of the application program, wherein the application program is installed on a terminal device of a user;
scanning the decompiled code to determine a specific application programming interface (API) from the decompiled code;
obtaining the API within the decompiled code of the application program;
determining a call logic for calling the specific API, wherein the call logic comprises a triggering event to trigger the specific API to be called, a feedback path provided after the specific API is called, or a combination of the trigger event and the feedback path; and
determining whether the application program is a malicious program according to the call logic;
wherein the application program is determined to be a malicious program when:
the specific API is a function of connecting to a network to access a business for fee deductions, and the call logic is calling the specific API when the terminal device is powered on to self-start without being authorized by the user; or
the specific API is a function of intercepting and replying a message for fee deductions; and the call logic is that after the specific API is called and the message for fee deductions is replied, a fee is charged to the terminal device of the user. |
Address |
Shenzhen CN |