Title of invention: Method and apparatus for determining malicious program
Abstract: Various embodiments provide methods, apparatus, and computer readable medium for determining a malicious program. In an exemplary method, a specific application programming interface (API) within an application program can be obtained. Call logic for calling the specific API can be determined. The call logic can include a triggering event to trigger the specific API to be called, a feedback path provided after the specific API is called, or a combination thereof. Whether the application program is a malicious program can be determined according to the call logic.
Publication number: US9158918(B2) Publication date: 2015.10.13
Application number: US201314087030 Filing date: 2013.11.22
Applicant: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED Inventors: Li Wei; Tong Yongliang
Classification: G06F21/00; G06F21/56 Main classification: G06F21/00
Agency: Anova Law Group, PLLC Agent: Anova Law Group, PLLC
Principal claim: 1. A method for determining a malicious program, comprising: decompiling an application program to obtain a decompiled code of the application program, wherein the application program is installed on a terminal device of a user; scanning the decompiled code to determine a specific application programming interface (API) from the decompiled code; obtaining the API within the decompiled code of the application program; determining a call logic for calling the specific API, wherein the call logic comprises a triggering event to trigger the specific API to be called, a feedback path provided after the specific API is called, or a combination of the trigger event and the feedback path; and determining whether the application program is a malicious program according to the call logic; wherein the application program is determined to be a malicious program when: the specific API is a function of connecting to a network to access a business for fee deductions, and the call logic is calling the specific API when the terminal device is powered on to self-start without being authorized by the user; or the specific API is a function of intercepting and replying a message for fee deductions; and the call logic is that after the specific API is called and the message for fee deductions is replied, a fee is charged to the terminal device of the user.
Address: Shenzhen CN