Method and device for extracting characteristic code of APK virus
First Claim
1. A method for extracting a characteristic code of APK virus, comprising:
- scanning a designated file in an Android installation package APK;
extracting an operation instruction in the designated file, and determining whether the operation instruction contains virus information; and
generating a virus characteristic code according to the operation instruction when the operation instruction contains virus information;
wherein, the designated file comprises an executable file, and the method further comprises;
extracting a constant in a constant pool of the executable file, and determining whether the constant contains virus information;
generating the virus characteristic code according to the constant when the constant contains virus information;
extracting header information of the executable file, and determining whether the header information contains virus information; and
generating the virus characteristic code according to the header information when the header information contains virus information,wherein the header information of the executable file includes summary information checksum and signature information Signature, and the determining whether the header information includes the virus information includes;
determining whether the summary information checksum and/or signature information Signature include a pre-defined illegal character string; and
generating the virus characteristic code according to the header information comprises generating the summary information checksum and/or signature information Signature as the virus characteristic code.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed are a method and a device for extracting a characteristic code of an APK virus. The method comprises: scanning a designated file in an Android installation package APK; extracting an operation instruction in the designated file, and judging whether the operation instruction contains virus information; and if yes, generating a characteristic code of the virus according to the operation instruction. In the application, the characteristic code of the virus APK can be accurately and effectively extracted, so as to facilitate improvement of efficiency and accuracy of identification of the virus APK and a variation thereof, thereby improving the security of an APK application.
12 Citations
15 Claims
-
1. A method for extracting a characteristic code of APK virus, comprising:
-
scanning a designated file in an Android installation package APK; extracting an operation instruction in the designated file, and determining whether the operation instruction contains virus information; and generating a virus characteristic code according to the operation instruction when the operation instruction contains virus information; wherein, the designated file comprises an executable file, and the method further comprises; extracting a constant in a constant pool of the executable file, and determining whether the constant contains virus information; generating the virus characteristic code according to the constant when the constant contains virus information; extracting header information of the executable file, and determining whether the header information contains virus information; and generating the virus characteristic code according to the header information when the header information contains virus information, wherein the header information of the executable file includes summary information checksum and signature information Signature, and the determining whether the header information includes the virus information includes; determining whether the summary information checksum and/or signature information Signature include a pre-defined illegal character string; and generating the virus characteristic code according to the header information comprises generating the summary information checksum and/or signature information Signature as the virus characteristic code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A device for extracting a characteristic code of APK virus, comprising:
-
a memory having instructions stored thereon; a processor to execute the instructions to perform operations for extracting a characteristic code of APK virus, the operations comprising; scanning a designated file in an Android installation package APK; extracting an operation instruction in the designated file; determining whether the operation instruction contains virus information; and generating a virus characteristic code according to the operation instruction if the operation instruction contains the virus information; wherein, the designated file comprises an executable file, the operations further comprising; extracting a constant in a constant pool of the executable file; determining whether the constant includes virus information; and generating the virus characteristic code according to the constant if the constant contains the virus information; extracting header information in the executable file; determining whether the header information includes virus information; and generating the virus characteristic code according to the header information if the header information contains the virus information, wherein the header information of the executable file includes summary information checksum and signature information Signature, and the determining whether the header information includes the virus information includes; determining whether the summary information checksum and/or signature information Signature include a pre-defined illegal character string; and generating the virus characteristic code according to the header information comprises generating the summary information checksum and/or signature information Signature as the virus characteristic code. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable medium having instructions stored thereon that, when executed by a computing device cause the device to perform operations for extracting a characteristic code of APK virus, the operations comprising:
-
scanning a designated file in an Android installation package APK; extracting an operation instruction in the designated file, and determining whether the operation instruction contains virus information; and generating a virus characteristic code according to the operation instruction when the operation instruction contains virus information; wherein, the designated file comprises an executable file, the operations further comprising; extracting a constant in a constant pool of the executable file, and determining whether the constant contains virus information; generating the virus characteristic code according to the constant when the constant contains virus information; extracting header information of the executable file, and determining whether the header information contains virus information; and generating the virus characteristic code according to the header information when the header information contains virus information, wherein the header information of the executable file includes summary information checksum and signature information Signature, and the determining whether the header information includes the virus information includes; determining whether the summary information checksum and/or signature information Signature include a pre-defined illegal character string; and generating the virus characteristic code according to the header information comprises generating the summary information checksum and/or signature information Signature as the virus characteristic code.
-
Specification