Citation: ZHENG LU-bin. Research on Static Analysis Methods and Evaluation Models of Android Malware[J]. Microelectronics & Computer, 2015, 32(9): 157-160. DOI: 10.19304/j.cnki.issn1000-7180.2015.09.032

Research on Static Analysis Methods and Evaluation Models of Android Malware

  • Abstract: To handle the special format of Android software, this paper uses a decompilation library to parse the contents of APK installation packages and to read the software's configuration files, smali files, code files and other contents. After summarizing the existing static analysis methods for malware, it proposes a more comprehensive static analysis method whose analysis covers key code features including requested permissions, header files, services, system APIs and constants, and it builds a malicious code feature library. It then uses regular expressions for fuzzy feature matching to detect suspicious malicious code in the software. Finally, it proposes a quantitative model for determining a malice coefficient.

     
