Analysis Task

Analysis type    VM tag          Start time           End time             Duration
File (Windows)   win7-sp1-x64-1  2016-09-18 09:48:51  2016-09-18 09:49:37  46 s

Maldun Score

6.0 (Suspicious)

File Details

File name   Setup.exe
File size   757528 bytes
File type   PE32 executable (GUI) Intel 80386, for MS Windows
MD5         6bb512bdf6409d20bac34d17993727b0
SHA1        9dc16f1ba91155b9da5286e451dd1ce20e764244
SHA256      0c08b1a0c087105cc1cf8ea29b09a43b534db8d30cc10fa80067f1de7840a793
SHA512      bf0cdec9f6f1978c409939f1cfcc21584bcf1244e75004d2b5c1ffb0976e8d6d3f5fbba0fcddf8a8f1e127d631b8bf8bb49ec2c0c1912e0c06bb115e4ec756ca
CRC32       591FB420
Ssdeep      12288:JNIgpDo9SkXNrrWgTqUEX6NzFpF+oCRps8iFYAfSiLbcD9YxW9Jrtebq5zzzzz1F:DIgpDc9XWg+UdNpT+oCXuYKSiLbcBYx6

The sample is a 32-bit image and the analysis guest is 64-bit Windows 7, so it ran under WOW64. The strings IsWow64Process, Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection (see Strings below) show the installer handles that case explicitly.

Hosts Contacted

Direct IP       Geolocation
23.44.155.27    United States
122.228.22.102  China

Both addresses appear in the DNS answers below: 23.44.155.27 is the Akamai edge returned for ocsp.verisign.com, and 122.228.22.102 is one of the A records returned for www.download.windowsupdate.com. In a Windows sandbox, OCSP requests for a VeriSign/Symantec chain and connections to windowsupdate.com are frequently generated by the guest OS itself (certificate-chain validation when a signed binary is launched, Windows Update background activity) rather than by the sample. Attribute each connection to a process before treating it as the sample's own network behaviour.

DNS Resolution

Domain                            Response
www.download.windowsupdate.com    CNAME  fg.download.windowsupdate.com.mwcname.com
                                  CNAME  ipv6microsoft.dlmix.ourdvs.com
                                  A      183.134.10.52
                                  A      122.228.237.169
                                  A      122.228.22.170
                                  A      122.228.22.209
                                  A      58.220.44.179
                                  CNAME  2-01-3cf7-0009.cdx.cedexis.net
                                  A      183.131.67.42
                                  A      115.231.84.168
                                  A      122.228.237.147
                                  A      122.228.205.24
                                  A      122.228.22.102
                                  A      183.134.24.72
                                  A      183.134.53.144
                                  A      115.231.158.74
ocsp.verisign.com                 CNAME  ocsp-ds.ws.symantec.com.edgekey.net
                                  CNAME  e8218.dscb1.akamaiedge.net
                                  A      23.44.155.27
sf.symcd.com                      (Symantec OCSP responder; no answer recorded)


PE Information

Image base              0x00400000
Entry point             0x0045abdf
Declared checksum       0x000bae4e
Computed checksum       0x000bae4e (matches)
Minimum OS version      4.0
PDB path                C:\DistributedAutoLink\Temp\CompileOutputDir\Setup.pdb
Compile timestamp       2016-05-23 17:05:37
Icon                    (image not reproduced)
Icon exact hash         0ec3460dbae77926bbf7bf06ae7c08b8
Icon similarity hash    b35938e4086bfafca8e75d3517dd3f08

The entry point lies inside .text (0x00401000 to 0x00470da6 in memory). The PDB path points at a build-farm style output directory rather than a developer's working tree. The compile timestamp sits a few minutes after the signature countersignature below (Mon May 23 17:00:35 2016); if both fields are shown in the same time zone that ordering can only come from clock skew between the build host and the timestamp authority or from a rewritten link timestamp, but the report does not state which time zone either field uses, so re-check both in UTC before drawing a conclusion.
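The declared and computed checksum values above agree. The following added example (written for this page; it is not part of the Maldun report or of Rising's code) shows how that comparison is made: it builds a small constructed PE32 image in memory as a stand-in for the installer, computes IMAGE_OPTIONAL_HEADER.CheckSum with the same algorithm Windows' imagehlp uses, writes it into the header, then re-verifies the image both clean and after a one-byte patch. The image layout (e_lfanew 0x80, a 2 KiB filler body) is an assumption of the example, not the analysed file's layout.

```python
import struct


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """CheckSum as imagehlp's MapFileAndCheckSum computes it: one's-complement
    sum of every 16-bit little-endian word except the 4-byte CheckSum field,
    folded to 16 bits, plus the file length."""
    total = 0
    size = len(data)
    skip = (checksum_offset, checksum_offset + 2)
    for off in range(0, size - 1, 2):
        if off in skip:
            continue
        total += data[off] | (data[off + 1] << 8)
        total = (total & 0xFFFF) + (total >> 16)
    if size & 1:                                   # trailing odd byte
        total += data[-1]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total & 0xFFFF) + size


def checksum_field_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum:
    e_lfanew + 4 ('PE\\0\\0') + 20 (COFF header) + 64 (field position)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not at e_lfanew")
    return e_lfanew + 4 + 20 + 64


def verify_checksum(data: bytes):
    """Reproduce the report's 'declared vs computed' comparison."""
    off = checksum_field_offset(data)
    declared = struct.unpack_from("<I", data, off)[0]
    computed = pe_checksum(data, off)
    return declared, computed, declared == computed


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (not the analysed Setup.exe): MZ stub with
    e_lfanew=0x80, COFF header, 224-byte optional header, 2 KiB filler body."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=i386, 1 section, arbitrary TimeDateStamp, no symbols,
    # SizeOfOptionalHeader=224, Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x57432F25, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x00400000)    # ImageBase, same as the report
    body = bytes(range(256)) * 8                   # deterministic filler "section"
    image = bytearray(dos + b"PE\0\0" + coff + opt + body)
    off = checksum_field_offset(image)
    struct.pack_into("<I", image, off, pe_checksum(image, off))
    return bytes(image)


def patch_one_byte(data: bytes) -> bytes:
    """Simulate post-link tampering: flip the last byte of the body."""
    image = bytearray(data)
    image[-1] ^= 0xFF
    return bytes(image)


if __name__ == "__main__":
    sample = build_sample_pe()
    print("clean:   declared=0x%08x computed=0x%08x match=%s" % verify_checksum(sample))
    print("patched: declared=0x%08x computed=0x%08x match=%s"
          % verify_checksum(patch_one_byte(sample)))
```

A matching checksum only shows that nothing changed the file after the last tool that fixed up the header ran; it is a 16-bit additive sum, not a cryptographic hash, and packers and patchers routinely recompute it. The mismatch is the informative case, usually pointing at post-link patching or a memory dump written back to disk. Integrity of this sample rests on the Authenticode signature below, whose hash deliberately excludes this field.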

Version Information

The report lists the standard VS_VERSIONINFO fields (LegalCopyright, InternalName, FileVersion, CompanyName, SpecialBuild, ProductName, ProductVersion, FileDescription, OriginalFilename, Translation) but recovered no value for any of them, although an RT_VERSION resource of 0x45c bytes is present (see Resources). The publisher identity therefore rests on the Authenticode certificate below and on the embedded strings, not on the version block.

Microsoft Signature Verification (signtool)

SHA1 (Authenticode file hash as reported by signtool)   214f8f149431ed5c2256a0d72cd3e4f0a25509e1
Timestamp                                               Mon May 23 17:00:35 2016
Validity / Error                                        (not reported)

Certificate chain
  1. VeriSign Class 3 Public Primary Certification Authority - G5 (self-signed root)
     Valid until Thu Jul 17 07:59:59 2036   SHA1 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5
  2. VeriSign Class 3 Code Signing 2010 CA
     Issued by VeriSign Class 3 Public Primary Certification Authority - G5
     Valid until Sat Feb 08 07:59:59 2020   SHA1 495847a93187cfb8c71f840cb7b41497ad95c64f
  3. Beijing Rising Information Technology Corporation Limited (signer)
     Issued by VeriSign Class 3 Code Signing 2010 CA
     Valid until Sat Sep 08 07:59:59 2018   SHA1 6d6afc4a6e24b3441b872b9995e37ca8d2bc4609

Timestamp chain
  1. GlobalSign Root CA (self-signed root)
     Valid until Fri Jan 28 20:00:00 2028   SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
  2. GlobalSign Timestamping CA - G2
     Issued by GlobalSign Root CA
     Valid until Fri Jan 28 20:00:00 2028   SHA1 c0e49d2d7d90a5cd427f02d9125694d5d6ec5b71
  3. GlobalSign TSA for MS Authenticode - G2
     Issued by GlobalSign Timestamping CA - G2
     Valid until Tue Mar 03 08:00:00 2026   SHA1 b36308b4d4cded4fcfbd66b955fae3bfb12c29e6

The 214f8f... hash differs from the file's SHA1 (9dc16f...) because Authenticode hashes the image with the CheckSum field and the certificate table excluded. The validity and error columns are empty, so the report does not establish that the signature verified; it only records the chains it found. The signer name matches the Publisher string "Beijing Rising Information Technology, Inc." and the SOFTWARE\Rising registry paths in the strings, consistent with a Rising antivirus installer. The GlobalSign countersignature is what keeps the signature verifiable after the signing certificate's September 2018 expiry.

PE Sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                         Entropy
.text   0x00001000       0x0006fda6    0x00070000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ              6.52
.rdata  0x00071000       0x0000fe3a    0x00010000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                        5.34
.data   0x00081000       0x00004808    0x00003000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE    3.55
.rsrc   0x00086000       0x00030798    0x00031000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                        6.87

A conventional MSVC layout: standard section names, no section that is both writable and executable, raw sizes matching virtual sizes rounded up to 0x1000, and entropies below the range that indicates packing (above roughly 7.2). The high .rsrc entropy is explained by the bitmaps listed under Resources, and the embedded zlib strings ("deflate 1.1.3", "inflate 1.1.3") account for compressed payload handling in code rather than a packed image.

Overlay

Offset  0x000b5000
Size    0x00003f18

The overlay begins where the last section's raw data ends and runs exactly to the end of the file (0xb5000 + 0x3f18 = 0xb8f18 = 757528 bytes). That is the position at which signtool appends the Authenticode certificate table (WIN_CERTIFICATE), and the size is in the range expected for the two chains listed above. Confirm by checking that the Security data directory entry points at 0xb5000 with length 0x3f18 before concluding the overlay holds nothing else.

Resources

Name            Offset (RVA)  Size        Language      Sublanguage         Entropy  File type
RT_BITMAP       0x000a6150    0x000070d0  LANG_ENGLISH  SUBLANG_ENGLISH_US  6.82     data  (10 entries)
RT_ICON         0x000b1d60    0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  5.47     GLS_BINARY_LSB_FIRST  (8 entries)
RT_DIALOG       0x000b3d58    0x000001ae  LANG_ENGLISH  SUBLANG_ENGLISH_US  3.17     data  (14 entries)
RT_STRING       0x000b6748    0x00000050  LANG_ENGLISH  SUBLANG_ENGLISH_US  2.02     data  (15 entries)
RT_ACCELERATOR  0x000b3fc0    0x00000070  LANG_ENGLISH  SUBLANG_ENGLISH_US  2.95     data
RT_GROUP_ICON   0x000b21c8    0x0000003e  LANG_ENGLISH  SUBLANG_ENGLISH_US  2.49     MS Windows icon resource - 4 icons, 32x32, 256-colors  (2 entries)
RT_VERSION      0x000b4030    0x0000045c  LANG_ENGLISH  SUBLANG_ENGLISH_US  3.49     data
RT_MANIFEST     0x000b4490    0x00000327  LANG_ENGLISH  SUBLANG_ENGLISH_US  5.15     XML document text

The original listing repeats the same offset, size and entropy for every entry of a type (ten RT_BITMAP rows all at 0x000a6150, and so on). Resources of one type cannot all occupy the same bytes, so read the per-type values as those of the first entry and re-extract with a PE parser if individual resources matter.

Imports

Static import table as parsed from the file. Only functions linked by name or ordinal appear here; APIs the installer resolves at run time through GetProcAddress (for example WTSQueryUserToken, CreateProcessWithTokenW, DuplicateTokenEx, NtQuerySystemInformation and Wow64DisableWow64FsRedirection, all visible in the Strings section) are absent. Noteworthy static imports: service control (OpenSCManagerA, CreateServiceA, StartServiceA, ControlService, DeleteService), ACL manipulation (SetFileSecurityA, RegSetKeySecurity, AddAccessAllowedAce), token access (OpenProcessToken, GetTokenInformation), ExitWindowsEx, DeviceIoControl, the WinINet HTTP client and MiniDumpWriteDump. All of these fit a product installer that registers a service and writes crash dumps; the same set is what a dropper would use, so the signer and the strings, not the import table, are what decide here.

Library: KERNEL32.dll
0x471120 CreateDirectoryA
0x471124 FormatMessageA
0x471128 lstrcatA
0x471130 RemoveDirectoryA
0x471134 TerminateProcess
0x471138 CreateProcessA
0x47113c MoveFileExA
0x471140 SizeofResource
0x471144 LoadResource
0x471148 FindResourceA
0x47114c LoadLibraryExA
0x471150 IsDBCSLeadByte
0x471158 GetTempFileNameA
0x47115c GetModuleHandleW
0x471160 ResumeThread
0x471164 SetThreadPriority
0x471168 GetDiskFreeSpaceA
0x47116c GetDriveTypeA
0x471174 GetSystemDirectoryA
0x471178 MulDiv
0x47117c GlobalFree
0x471180 GlobalAlloc
0x471184 FlushFileBuffers
0x471188 SetEndOfFile
0x47118c SetFileTime
0x471198 GetLocaleInfoW
0x47119c SetStdHandle
0x4711a0 IsBadCodePtr
0x4711a4 IsBadReadPtr
0x4711ac IsValidLocale
0x4711b0 EnumSystemLocalesA
0x4711b4 GetUserDefaultLCID
0x4711c8 GetFileType
0x4711cc GetStdHandle
0x4711d0 SetHandleCount
0x4711d8 GetStringTypeW
0x4711dc GetStringTypeA
0x4711e0 GetOEMCP
0x4711e4 HeapSize
0x4711e8 TlsGetValue
0x4711ec TlsSetValue
0x4711f0 TlsFree
0x4711f4 TlsAlloc
0x4711f8 IsBadWritePtr
0x4711fc VirtualFree
0x471200 HeapCreate
0x471204 HeapDestroy
0x47120c GetCPInfo
0x471210 LCMapStringW
0x471214 LCMapStringA
0x471218 GetStartupInfoA
0x471220 VirtualQuery
0x471224 GetSystemInfo
0x471228 VirtualAlloc
0x47122c VirtualProtect
0x471230 CreateThread
0x471234 ExitThread
0x471238 HeapReAlloc
0x47123c RtlUnwind
0x471240 ExitProcess
0x471248 HeapFree
0x47124c CopyFileA
0x471250 Sleep
0x471254 GetShortPathNameA
0x471258 CreateMutexA
0x47125c FindFirstFileA
0x471260 GetFullPathNameA
0x471264 SetLastError
0x471268 MultiByteToWideChar
0x47126c FindClose
0x471270 FindNextFileA
0x471274 lstrlenW
0x471278 lstrcmpA
0x47127c GetTempPathA
0x471280 GetThreadLocale
0x471284 GetLocaleInfoA
0x471288 GetACP
0x47128c InterlockedExchange
0x471290 GetVersion
0x471294 LocalFree
0x471298 GetCommandLineA
0x47129c GetExitCodeProcess
0x4712a4 WaitNamedPipeA
0x4712ac ReadFile
0x4712b0 OpenProcess
0x4712b4 GetModuleHandleA
0x4712b8 GetTickCount
0x4712bc OutputDebugStringA
0x4712c0 WaitForSingleObject
0x4712c4 TerminateThread
0x4712c8 GetCurrentThreadId
0x4712cc GetModuleFileNameA
0x4712d0 GetFileSize
0x4712d4 SetFileAttributesA
0x4712d8 DeleteFileA
0x4712dc DeviceIoControl
0x4712e0 MoveFileA
0x4712e4 SetFilePointer
0x4712e8 WriteFile
0x4712ec GetFileAttributesA
0x4712f0 lstrcpynA
0x4712f4 GetLocalTime
0x471304 GetLastError
0x471308 GetCurrentProcessId
0x47130c WideCharToMultiByte
0x471310 lstrcmpiA
0x471314 lstrcpyA
0x471318 lstrlenA
0x47131c GetProcessHeap
0x471320 HeapAlloc
0x471324 GetCurrentProcess
0x471334 FreeLibrary
0x471338 LoadLibraryA
0x47133c GetProcAddress
0x471340 CreateFileA
0x471344 CloseHandle
0x471348 GetVersionExA
0x471354 RaiseException
0x471358 IsValidCodePage
Library: USER32.dll
0x4713c8 GetFocus
0x4713cc LoadCursorA
0x4713d0 PostQuitMessage
0x4713d4 IsWindowEnabled
0x4713d8 SetActiveWindow
0x4713dc IsDialogMessageA
0x4713e0 SetWindowPos
0x4713e4 UnregisterClassA
0x4713e8 SetWindowLongA
0x4713ec wsprintfA
0x4713f0 ShowWindow
0x4713f4 LoadStringA
0x4713f8 CharUpperA
0x4713fc DispatchMessageA
0x471400 TranslateMessage
0x471404 GetMessageA
0x471408 PeekMessageA
0x47140c MapWindowPoints
0x471410 GetParent
0x471414 LoadImageA
0x471418 EnableMenuItem
0x47141c GetSystemMenu
0x471420 GetSystemMetrics
0x471424 EndPaint
0x471428 DrawTextExA
0x47142c FillRect
0x471430 BeginPaint
0x471434 UpdateWindow
0x471438 InvalidateRect
0x47143c PtInRect
0x471440 SetCursor
0x471444 GetPropA
0x471448 SetPropA
0x47144c CreateWindowExA
0x471450 RegisterClassExA
0x471454 GetClassNameA
0x471458 GetDlgCtrlID
0x47145c CallWindowProcA
0x471460 GetWindowLongA
0x471464 GetDlgItemTextA
0x471468 EnumChildWindows
0x47146c SetWindowTextA
0x471470 GetDlgItem
0x471478 IsWindowVisible
0x47147c EnumWindows
0x471480 RedrawWindow
0x471484 GetWindow
0x471488 EndDialog
0x47148c GetWindowRect
0x471490 SetDlgItemTextA
0x471494 MoveWindow
0x471498 SetTimer
0x47149c KillTimer
0x4714a0 SetFocus
0x4714a4 DialogBoxParamA
0x4714a8 ScreenToClient
0x4714ac SendMessageA
0x4714b0 FindWindowA
0x4714b4 IsWindow
0x4714b8 wvsprintfA
0x4714bc CharLowerA
0x4714c0 CharNextA
0x4714c4 CreateDialogParamA
0x4714c8 MessageBoxA
0x4714cc SetForegroundWindow
0x4714d8 GetDC
0x4714dc ReleaseDC
0x4714e0 DestroyWindow
0x4714e4 ExitWindowsEx
0x4714e8 DefWindowProcA
0x4714ec PostMessageA
0x4714f0 IsDlgButtonChecked
0x4714f4 CheckRadioButton
0x4714fc GetWindowTextA
0x471500 MessageBeep
0x471504 GetClientRect
0x471508 EnableWindow
0x47150c GetCursorPos
0x471510 LoadBitmapA
Library: GDI32.dll
0x4710d4 DeleteObject
0x4710dc GetObjectA
0x4710e0 CreateCompatibleDC
0x4710e4 SelectObject
0x4710ec DeleteDC
0x4710f0 CreateSolidBrush
0x4710f4 SetTextColor
0x4710f8 SetBkMode
0x4710fc SetBkColor
0x471100 CreateFontA
0x471104 CreatePatternBrush
0x471108 GetObjectType
0x47110c GetDeviceCaps
0x471110 CreateFontIndirectA
0x471114 BitBlt
Library: comdlg32.dll
0x471594 GetSaveFileNameA
Library: ADVAPI32.dll
0x471000 SetFileSecurityA
0x471004 FreeSid
0x471008 RegDeleteKeyA
0x47100c OpenSCManagerA
0x471010 OpenServiceA
0x471014 CloseServiceHandle
0x471018 QueryServiceStatus
0x47101c RegCreateKeyExA
0x471020 OpenProcessToken
0x47102c RegOpenKeyA
0x471030 RegCreateKeyA
0x471034 RegSetValueExA
0x471038 RegQueryValueExA
0x47103c RegOpenKeyExA
0x471040 RegCloseKey
0x471044 RegDeleteValueA
0x471050 RegSetKeySecurity
0x471058 InitializeSid
0x47105c GetTokenInformation
0x471060 RegQueryValueA
0x471064 GetUserNameA
0x471068 RegEnumKeyExA
0x471074 ControlService
0x471078 StartServiceA
0x47107c DeleteService
0x471080 CreateServiceA
0x471088 GetSidSubAuthority
0x47108c RegQueryInfoKeyA
0x471090 AddAccessAllowedAce
0x471094 EqualSid
0x471098 GetAce
0x47109c AddAce
0x4710a0 InitializeAcl
0x4710a4 GetLengthSid
0x4710a8 GetAclInformation
0x4710b4 GetFileSecurityA
0x4710bc RegGetKeySecurity
Library: SHELL32.dll
0x4713a0 SHBrowseForFolderA
0x4713a4 ShellExecuteA
0x4713a8 Shell_NotifyIconA
0x4713ac ShellExecuteExA
0x4713b0 SHGetMalloc
Library: ole32.dll
0x4715a8 CoTaskMemRealloc
0x4715ac CoTaskMemAlloc
0x4715b0 CoTaskMemFree
0x4715b4 OleUninitialize
0x4715b8 CoInitialize
0x4715bc CoUninitialize
0x4715c0 CoCreateInstance
0x4715c4 OleInitialize
Library: OLEAUT32.dll
0x471360 to 0x47138c: 12 imports by ordinal ("None" in the original listing means the report resolved no name for the entry)
Library: SHLWAPI.dll
0x4713b8 PathRemoveFileSpecA
0x4713bc PathFileExistsA
0x4713c0 PathSkipRootA
Library: COMCTL32.dll
0x4710c4 ImageList_Create
0x4710c8 ImageList_AddMasked
Library: RPCRT4.dll
0x471394 UuidCreate
Library: WININET.dll
0x471528 HttpOpenRequestA
0x471530 HttpSendRequestA
0x471534 InternetReadFile
0x471538 InternetCrackUrlA
0x47153c InternetSetOptionA
0x471540 InternetOpenA
0x471544 InternetConnectA
0x47154c InternetCloseHandle
0x471550 HttpQueryInfoA
Library: VERSION.dll
0x47151c GetFileVersionInfoA
0x471520 VerQueryValueA
Library: dbghelp.dll
0x47159c MiniDumpWriteDump
Library: WSOCK32.dll
0x471558 to 0x47158c: 14 imports by ordinal (no names resolved by the report; Winsock 1.1 functions are commonly imported this way)

Strings

.text
`.rdata
@.data
.rsrc
vector<T> too long
\\.\PhysicalDrive%d
SCSIDISK
\\.\Scsi%d:
GetAdaptersInfo
Iphlpapi.dll
>ProcID
%08X%04X%04X%02X%02X%02X%02X%02X%02X%02X%02X
{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}
RevertToSelf
ImpersonateLoggedOnUser
DuplicateToken
OpenProcessToken
Advapi32.dll
Explorer.exe
NtQuerySystemInformation
NtDll.dll
ProcessIdToSessionId
Kernel32.dll
SeShutdownPrivilege
%d+%d+%d+%d
SeDebugPrivilege
datapath
SOFTWARE\Rising\%s
[%04d-%02d-%02d][%02d:%02d:%02d:%03d]
2.log
[%04u]
[0x%08X]
[FATAL]
[ALERT]
[WAINNING]
[ACTION]
[DETAIL]
DEBUG
LOGNAME
RAV.INI
RS_DEBUG_VIEW
LOGSIZE
OUTPUT
LEVEL
Failed to call WTSQueryUserToken, err= 0x%x
WTSQueryUserToken
wtsapi32.DLL
Could not open pipe
SetBUInfo Successed.
ReadFile failed
WriteFile failed
SetNamedPipeHandleState failed
\\.\pipe\RISING_RSD_BU
SetBUInfo
%*.*f
ErrorCode
runas
/RUNAS %s
Failed to get NtQueryInformationProcess
Failed to call NtQueryInformationProcess.
Failed to load psapi.dll.
dwSize <0
hParent == NULL
GetModuleFileNameExA
Psapi.dll
NtQueryInformationProcess
Success AdjustPrivileges
Fialed AdjustPrivileges
Setup.exe End with ErrorCode: 0x%08X
rsd_r_info fail
rsd_r_info ok
http://center.rising.com.cn/LogCenter.asp?info=%s
Key=%s&v1=%s&v2=%s&v3=%s&v4=%s&v5=%s
RSDUninstall
Password
UserName
Authentication
PROXY
NETTYPE
NetTypeNo
\NetConfig.ini
SETUP
INSTALLPATH
%s\Data\%s\%s.ini
\Rising\RSD
setup.exe
InstallLocation
DisplayVersion
DisplayName
DisplayIcon
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
%s(%s)
SoftMain
DriverGenius
MainCon
utool
KSafe
360sd
QQPCSoftMgr
dep360
SoftManager
GetParentProcInfo [%s] [%s]
IsWow64Process
RavNetDB
WriteCan
unixcopy
setup
ScanBD
rssms
RsConfig
RsAgent
RNCltCfg
ReportView
RegClean
RavXP
RavVLC
RavUpgrd
RavUpdate
RavTray
RavTools
RavTimer
RavStore
RavSetup
RavService
RavSender
RavRemote
RavReceiver
RavMonD
RavMon
RavISvc
RavHDBak
RAVDOS
ravcopy
RavControl
RavBroker
RavAlert
RavAgent
MsAgent
MakeBoot
LogPack
LeakMgr
LangSet
InBuild
IEHisRep
CCenter
AlrtPlgInCfg
KERNEL32.DLL
SetTermsrvAppInstallMode
Version
Software\Microsoft\Internet Explorer
CreateInstance
map/set<T> too long
Rising
Admin Test
SYSTEM\CurrentControlSet\Services
>`DELETE
CHECK
WILLREBOOT
SetWillReboot(%d)
Failed to call QueryServiceStatus(RSD)! Err Code: %d
Failed to call OpenService(RSD)! Err Code: %d
RsMgrSvc
Failed to call OpenSCManager! Err Code: %d
\RsTest.ini
%DESKTOP%
%QUICKLAUNCH%
\label.dat
\Backup.ini
\Export.ini
COUNT
\XMLS\RSSetup.xml
\Setup.exe
\*.exe
\XMLS\Setup.xml
\os.xml
TITLE=
ACTIONID=
Label.dat
/PASS=
/LOOP=
/CUSTOM=
/PRODUCT=
/LANG=
/NOREBOOT
/AFTERREBOOT
/IGNOREDOWNLOAD
/RUNAS
/NEEDPREHANDLE
/SPANUPDATE
/ADDREMOVE
/UNINSTALL
/UPDATE
/REPAIR
/INSTALL
/SILENCE
/TRAY
/PRODUCT=%s
/LANG=%d
/NOREBOOT
/AFTERREBOOT
/NEEDPREHANDLE
/SPANUPDATE
/ADDREMOVE
/UNINSTALL
/UPDATE
/REPAIR
/INSTALL
installpath
HKEY_LOCAL_MACHINE\SoftWare\Rising\%s
\Backup\
//INSTALLPATH
>`COMTREE
ITEM%d
STOPPED
TOPOSTHANDLE
LINKROOT
%LINKS%
UPDATEXMLURL
ACTIONID
PRODUCTUID
KEEPSETTINGS
PACKTYPE
YEARTYPE
ENCRYPT
SERVERNO
CENTERNO
OSVER
OSTYPE
HWTYPE
OEMID
FLOWNO
BATCHNO
EDITION
LIMIT
CLIENTNUM
SALETYPE
SNSUBTYPE
SNTYPE
DEFID
DEFSN
PUTQUICKLAUNCH
PUTDESKTOP
%04d-%02d-%2d %02d:%02d
TREEITEM
ORDER
INSTALLED
LANGUAGE
CODEPAGE
\Data\
The program only for one user in same time!
Local_RSD_Setup_%s
Global\Rising_RSD_Setup_%s
Rising_RSD_Setup_%s
CheckCanRunning...
\Backup\RSD\RSSetup\RSSetup.xml
RSSetup
\RSSetup.xml
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
\Rising\Settings\
UPDATE
\CompsVer.inf
AddPCAExclude return: %d
Open Key Failed!
Create Key Failed!
Catch Exception When AddPCAExclude!
Value is not found or is not valid
Query Value Failed! Return: %d
ExecutablesToExclude
%s\Setup.exe
Compatibility Assistant
SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
AddPCAExclude(%d)
list<T> too long
Setup.xml
\Setup.xml
\XMLS\
12345678.000
Create Temp Cfg From %s to %s
rd /s /q
deltree /y
/s /q /f
\DelSelf.bat
invalid map/set<T> iterator
\Data\*
DuplicateTokenEx
SetTokenInformation
CreateProcessWithTokenW
SetSecurityDescriptorControl
advapi32.dll
AddAccessAllowedAceEx
Backup
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
<!--%s-->
\StringFileInfo\%04hX%04hX\FileVersion
\VarFileInfo\Translation
WinSessionThread GetPidByName dwPID = %d , name=%s!
WTSQueryUserToken Failed! Err Code: %d
Explorer is not running...
OpenProcess Failed! Err Code: %d
GetProcAddress(OpenProcessToken) Failed! Err Code: %d
OpenProcessToken Failed! Err Code: %d
Explorer is running...
GetLogonUserToken(%d)
CreateProcess2 Return: %d
LoadLibrary Failed! Err Code: %d
GetProcAddress CreateEnvironmentBlock or DestroyEnvironmentBlock Failed!
CreateEnvironmentBlock Failed! Err Code: %d
GetProcAddress DuplicateTokenEx Failed!
DuplicateTokenEx Failed! Err Code: %d
CreateProcessWithTokenW Failed! Err Code: %d
DestroyEnvironmentBlock
CreateEnvironmentBlock
Userenv.DLL
GetProcAddress CreateProcessWithTokenW Failed!
GetFileAttributes %s return: %d
Delete File %s fail, Err: %d
GetModuleHandle Failed!
GetProcAddress(Wow64DisableWow64FsRedirection) Failed!
Wow64DisableWow64FsRedirection Return: %d
Wow64DisableWow64FsRedirection
GetProcAddress(Wow64RevertWow64FsRedirection) Failed!
Wow64RevertWow64FsRedirection Return: %d
Wow64RevertWow64FsRedirection
RsInstallService(%s) Return: %d
ChangeServiceConfig Failed! Err Code: %d
CreateService Failed! Err Code: %d
OpenSCManager Failed! Err Code: %d
RsInstallService(%s)
RsUninstallService(%s) Return: %d
DeleteService Failed! Err Code: %d
OpenService Failed And Service Already Exist! Err Code: %d
RsUninstallService(%s)
OpenService Failed! Err Code: %d
LoadLibrary(Advapi32.dll) Failed!
RsSetServiceFailureAction(%s) Return: %d
GetProcAddress(%s) Failed!
ChangeServiceConfig2 Failed! Err Code: %d
ChangeServiceConfig2A
RsSetServiceFailureAction(%s)
Invalid Service Status!
No Progress...
QueryServiceStatus Failed! Err Code: %d
StartService Failed! Err Code: %d
Service is Running...
RsStartService(%s)
Wait for Service %s Time Out!
QueryServiceStatus(%s) Failed! Err Code: %d
ControlService(%s) SERVICE_CONTROL_STOP Failed! Err Code: %d
HeapAlloc Failed! Err Code: %d
EnumDependentServices Failed! Err Code: %d
Stop Service %s Dependencies...
%s's Stop is Pending...
Service %s is Stopped...
OpenService(%s) Failed! Err Code: %d
RsStopService(%s)
QUICKLANUCH
Rs%sInstallCom(%s) Return: %d
LoadLibrary(%s) Failed!
%s Failed! ErrMsg: %s
OleInitialize Failed!
DllUnregisterServer
DllRegisterServer
Rs%sInstallCom(%s)...
WinSessionThread CreateProcess ret = %d end !
WinSessionThread CreateProcess LoadLibrary Userenv err !
WinSessionThread CreateProcess LoadLibrary GetProcAddress err !
WinSessionThread CreateProcess pid = %d, CreateProcessAsUser err = %d !
WinSessionThread CreateProcess SetTokenInformation return value:4
WinSta0\Default
WinSessionThread CreateProcess begin dwSessionID = %d!
/ARGUMENT "
/RUN /BINPATH "
rename
WININIT.INI
[RENAME]
\WININIT.INI
HKEY_CURRENT_CONFIG
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
EnumProcessModules
EnumProcesses
"%s" %s
TEMPPATH
\RsMgrSvc.ini
Save DELETEPATH %s to RsMgrSvc.ini
DELETEPATH
Save REBOOTRUN %s to RsMgrSvc.ini
REBOOTRUN
Module32Next
%s Loaded By %s
EXPLORER.EXE
TypeLib
Software
SYSTEM
SECURITY
Hardware
Interface
FileType
Component Categories
CLSID
AppID
Delete
NoRemove
ForceRemove
Failed to createDumpFile.LastError = %d
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
Exception---->Setup.exe Application .Dump path is "%s"
Setup.exe Begin----------------------------------
StopComponent(%s)...
StartComponent(%s)...
User Cancel!
Report Error!
Call Component %s Dll_PreHandle Return: 0x%08X
PreHandleComponentList...
Call Component %s Dll_PostHandle Return: 0x%08X
PostHandleComponentList...
Check XML File %s Failed
Check File %s Failed
BackUp XML File From: %s To %s
Delete XML Failed!
Delete XML File: %s
Copy XML Failed!
Copy XML File From: %s To %s
UninstallComponent
InstallComponent
Update
%s\RsMgrsvc.ini
URLInfoAbout
http://help.ikaka.com/
Publisher
Beijing Rising Information Technology, Inc.
UninstallString
%s\%s
"%s" /UNINSTALL /PRODUCT=%s
UnRegisterProduct
RegisterProduct
"%s" /UNINSTALL /PRODUCT=RSD
Delete File %s
Copy File From %s To %s
CompsVer.inf
UninstallSpecialFile
InstallSpecialFile
Copy Path From %s To %s
Down Load %s To Path: %s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\run
\Backup\RSD
InstallRSD...
RollBack...
RunFirstInstall Successfully...NeedReboot: %d
Product PostHandle Failed!
PostHandleComponentList Failed!
InstallComponentList Failed! Error Code: 0x%08X
PreHandleComponentList Failed! Error Code: 0x%08X
Product_PreHandle Need Reboot
Product_PreHandle Failed! Error Code: 0x%08X
BackUpComponentList Failed! Error Code: 0x%08X
CheckComponentList Failed! Error Code: 0x%08X
Install RSD Failed!
RunFirstInstall, AfterReboot: %d
Setup.exe Catch Exception %s
RavTmp: %s
\RavTmp
file not exist : %s
succeed to download %s
Failed to download %s. ErrCode = %d; hr = %d
Failed to verify %s
%s%s/%s%s.inf
CompsVer
Failed to get download url from %s
Download
URLLIST
VERSION
PRODUCT
RISING
Failed to load %s.
%s%s/%s/%s/%s
%s\%s\%s\%s
%s%s/%s/%s
%s\%s\%s
FILENAME
SOURCEPATH
Failed to get %s-ITEM.
Failed to get %s-FILES.
FILES
Failed to get %s-COMPONENT.
Download %s retry > 3
%s/%s/%s_xml.zip
%s\%s\%s.xml
%s%s/%s/%s.xml
Failed to get %s' newver from %s
Component
MACAddress
DiskSerial
Model
ProcessorId
Win32_NetworkAdapter
Win32_Processor
USERS
RUNAFTERUPDATE
RUNAFTERINSTALL
LINKS
REGISTS
SERVICE
CORRELATE
DEPEND
USEDLL
UPDATETIME
CODENAME
MUSTINSTALL
NEEDSPACE
NAMEID
ISPROCOM
CONTENT
INSTALLCONDITIONID
SELECT
DESCRIPEID
SUNIST
ACTION
REGVERKEY
REGKEYVALUE
REGKEYNAME
REGKEY
Set File %s Everyone Access Rights 0x%08X return: %d
Set File %s Users Access Rights 0x%08X return: %d
RUNOS
REPLACE
WOW64REDIRECT
UNINST
ISDATA
COMDLL
RAWSIZE
MOVEEX
RPSIZE
Delete File Return: %d, NeedReboot: %d
Skip Deleting File For Attribute No Uninstall...
Prepare To Delete File %s...
Back Up File From: %s To: %s Return: %d
Skip Backing Up File %s For Checked OK...
Skip Checking For Attribute Replace Lowver...
Skip Checking For Attribute No Replace...
Skip Checking For Attribute Data...
Skip Copying For Checked OK...
Copy File Return: %d, NeedReboot: %d
MoveFile From %s To %s
Prepare To Copy File From %s To %s...
ICONPATH
ARGUMENTS
ICONINDEX
TARGETSUBDIRID
TARGETDIR
Install Link Failed!
TaskbarPin = 0x%x
TaskbarPin
Install Link: %s
Delete Link: %s
TaskbarunPin = 0x%x
TaskbarunPin
Old Link File: %s
QUICKLAUNCH
DESKTOP
RtlGetVersion
UNKNOWN
MINORVER
MAJORVER
PLATFORMID
COMPONENTS
RUNBEFOREINSTALL
CONFLICT
SUBPRODUCT
SUBKEY
DEFNAME
RESERVESIZE
Set Key %s Everyone Access Rights 0x%08X return: %d
Set Key %s Users Access Rights 0x%08X return: %d
RESTORE
REGKEYDATATYPE
Install Key KeyName: %s, ValueName: %s, Value: %s, DataType: %d Return: %d
STRING
Backup Key Value Return: %d
microsoft\windows\currentversion\run
Restore Key Value Return: %d
UnInstall Key KeyName: %s, ValueName: %s Return: %d
TOKEN
WAITEND
SELECTED
SHOWSEL
/TRAY
/SLIENCE
Execute langsel.exe
langsel.exe
/SILENCE
WIN64
WIN32
INTERVALTIME
COUNTDAYS
RESET
AFTER
SECOND
FIRST
PARAMS
LOADORDERGROUP
ERRCONTROL
STARTTYPE
DISPNAME
Setup Log (*.log)
*.log
%.2f M
A%d M
%DATADIR%
Need Reboot, Add DeletePath Task To Server: %s
No Reboot, RsDeletePath(%s)
%I64d
kernel32.dll
GetDiskFreeSpaceExA
\Rising\
*?"<>|
O0.000
ShowKeepSettings
\lics%d.txt
MS Shell Dlg
{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}.bmp
CLASSPOINTER
STATIC
SystemRoot
SOFTWARE\Microsoft\Windows NT\CurrentVersion
Group
\Rising
SHFolder.dll
SHGetFolderPathA
Shell32.dll
HKEY_LOCAL_MACHINE\%s\%s
SOFTWARE\Rising
SOFTWARE\Lotus\Notes
%snserver.exe
SOFTWARE\Lotus\Notes\4.0
SOFTWARE\Lotus\Domino
%sRsTest.ini
\system32
CommonFilesDir
Software\Microsoft\Windows\CurrentVersion
\Program Files
ProgramFilesDir
nserver.exe
DataPath
%PRODUCT%
%FIRSTPART%
%COMMONDIR%
%PROGRAMDIR%
%DOMINODATA%
%DOMINODIR%
%NOTESDIR%
%WINDIR%
%SYSDIR64%
%SYSDIR%
%REGISTER%
%INSTALL%
RisingPicVfyClass
SOIlo
Arial
\Microsoft\Internet Explorer\Quick Launch
\Application Data
AppData
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
\Profiles\All Users\Start Menu\Programs
Common Programs
\Start Menu\Programs
Programs
\Desktop
Desktop
SHGetSpecialFolderPathA
_GetRSModule@0
[INF]CRsConfigBase::InitializeRsConfig: GetPath(PathSize=%d),Result=0x%08X
[ERR]CRsConfigBase::InitializeRsConfig: QueryInterface RSIID_IRSCfgMgr Failed(Result=0x%08X)!
[ERR]CRsConfigBase::InitializeRsConfig: m_pAppEnv->GetConfig Failed!
[ERR]CRsConfigBase::InitializeRsConfig:CreateAppEnv Failed(Result=0x%08X).
RsConfig.cfg
[ERR]CRsConfigBase::InitializeRsConfig:QueryInterface RSIID_IRSAppMgr failed(Result=0x%08X).
[ERR]CRsConfigBase::InitializeRsConfig:CreateObject RSID_RSAppMgr failed(Result=0x%08X).
[ERR]CRsConfigBase::InitializeRsConfig: GetRsModule Failed!
RSAPPMGR.DLL
\RSAPPMGR.DLL
YYYIYOUDAO
comx3.dll
RS_ShutDown
RS_FreeCallCenter
RS_AllocateCallCenter
RS_UninitializeCallCenter
RS_InitializeCallCenter
bad cast
</%s>
<!--%s-->
standalone="%s"
encoding="%s"
version="%s"
<?xml
&#x%02X;
%s='%s'
%s="%s"
<![CDATA[
standalone="
encoding="
version="
Error parsing CDATA.
Error null (0) or unexpected EOF found in input stream.
Error document empty.
Error parsing Declaration.
Error parsing Comment.
Error parsing Unknown.
Error reading end tag.
Error: empty tag.
Error reading Attributes.
Error reading Element value.
Failed to read Element name
Error parsing Element.
Memory allocation failed.
Failed to open file
Error
No error
&apos;
&quot;
&amp;
<?xml
standalone
encoding
version
UTF-8
GetDLLObject
\RsLang.dll
Setup.dll
GetNetworkParams
NameServer
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
System\CurrentControlSet\Services\VxD\MSTCP
255.255.255.255
\system32\drivers\etc\hosts
\hosts
MSIE %d.%d
WININET.DLL
Windows
Windows Me
Windows 98
Windows 95
Windows NT %d.%d
%s:%d
proxy
<local>
Mozilla/4.0 (compatible; %s; %s; Rising)
close
Range: bytes=%d-
Accept-Language: zh-cn
Host:
HTTP/1.0
http://
invalid string position
string too long
ios_base::eofbit set
ios_base::failbit set
ios_base::badbit set
bad allocation
Unknown exception
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
Buffer overrun detected!
Unknown security failure detected!
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
`h````
(null)
CorExitProcess
mscoree.dll
e+000
GAIsProcessorFeaturePresent
KERNEL32
runtime error
Program:
InitializeCriticalSectionAndSpinCount
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
Paraguay
Uruguay
Chile
Ecuador
Argentina
Colombia
Venezuela
Dominican Republic
South Africa
Panama
Luxembourg
Costa Rica
Switzerland
Guatemala
Canada
Spanish - Modern Sort
Australia
English
Austria
German
Belgium
Mexico
Spanish
Basque
Sweden
Swedish
Iceland
Icelandic
France
French
Finland
Finnish
Spain
Spanish - Traditional Sort
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
czech
china
britain
america
swiss
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#INF
1#IND
1#SNAN
.rstmp
1.1.3
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
C:\DistributedAutoLink\Temp\CompileOutputDir\Setup.pdb
DeviceIoControl
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
CloseHandle
CreateFileA
GetProcAddress
LoadLibraryA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetProcessHeap
lstrlenA
lstrcpyA
lstrcmpiA
WideCharToMultiByte
GetCurrentProcessId
GetLastError
InterlockedDecrement
GetPrivateProfileIntA
GetPrivateProfileStringA
GetLocalTime
lstrcpynA
GetFileAttributesA
WriteFile
SetFilePointer
MoveFileA
DeleteFileA
SetFileAttributesA
GetFileSize
GetModuleFileNameA
GetCurrentThreadId
TerminateThread
WaitForSingleObject
OutputDebugStringA
GetTickCount
GetModuleHandleA
OpenProcess
ReadFile
SetNamedPipeHandleState
WaitNamedPipeA
InterlockedIncrement
GetExitCodeProcess
GetCommandLineA
LocalFree
GetVersion
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetTempPathA
lstrcmpA
lstrlenW
FindNextFileA
FindClose
MultiByteToWideChar
SetLastError
GetFullPathNameA
FindFirstFileA
CreateMutexA
GetShortPathNameA
Sleep
CopyFileA
HeapFree
GetPrivateProfileSectionA
WritePrivateProfileStringA
WritePrivateProfileSectionA
CreateDirectoryA
FormatMessageA
lstrcatA
GetWindowsDirectoryA
RemoveDirectoryA
TerminateProcess
CreateProcessA
MoveFileExA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
SetUnhandledExceptionFilter
GetTempFileNameA
GetModuleHandleW
ResumeThread
SetThreadPriority
GetDiskFreeSpaceA
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemDirectoryA
MulDiv
GlobalFree
GlobalAlloc
FlushFileBuffers
SetEndOfFile
SetFileTime
SystemTimeToFileTime
FileTimeToSystemTime
KERNEL32.dll
UnregisterClassA
SetWindowLongA
wsprintfA
ShowWindow
LoadStringA
CharUpperA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SendMessageA
FindWindowA
IsWindow
wvsprintfA
CharLowerA
CharNextA
CreateDialogParamA
MessageBoxA
SetForegroundWindow
SystemParametersInfoA
MsgWaitForMultipleObjects
GetDC
ReleaseDC
DestroyWindow
ExitWindowsEx
DefWindowProcA
PostMessageA
EndDialog
SetWindowTextA
GetDlgItem
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
RedrawWindow
GetWindow
GetWindowRect
SetDlgItemTextA
MoveWindow
SetTimer
KillTimer
SetFocus
DialogBoxParamA
ScreenToClient
LoadBitmapA
GetCursorPos
EnableWindow
GetClientRect
MessageBeep
GetWindowTextA
GetWindowTextLengthA
CheckRadioButton
IsDlgButtonChecked
GetDlgItemTextA
GetWindowLongA
CallWindowProcA
GetDlgCtrlID
GetFocus
LoadCursorA
PostQuitMessage
IsWindowEnabled
SetActiveWindow
IsDialogMessageA
SetWindowPos
MapWindowPoints
GetParent
LoadImageA
EnableMenuItem
GetSystemMenu
GetSystemMetrics
EndPaint
DrawTextExA
FillRect
BeginPaint
UpdateWindow
InvalidateRect
PtInRect
SetCursor
GetPropA
SetPropA
CreateWindowExA
RegisterClassExA
GetClassNameA
EnumChildWindows
USER32.dll
DeleteObject
CreateFontIndirectA
GetTextExtentPoint32A
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
CreateCompatibleBitmap
DeleteDC
CreateSolidBrush
SetTextColor
SetBkMode
SetBkColor
CreateFontA
CreatePatternBrush
GetObjectType
GetDeviceCaps
GDI32.dll
GetSaveFileNameA
comdlg32.dll
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegDeleteKeyA
FreeSid
SetFileSecurityA
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
EqualSid
GetAce
AddAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityA
AllocateAndInitializeSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegSetKeySecurity
RegGetKeySecurity
RegQueryInfoKeyA
ChangeServiceConfigA
CreateServiceA
DeleteService
StartServiceA
ControlService
EnumDependentServicesA
CreateProcessAsUserA
RegEnumKeyExA
GetUserNameA
RegQueryValueA
GetTokenInformation
ADVAPI32.dll
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
SHELL32.dll
CoCreateInstance
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
ole32.dll
OLEAUT32.dll
PathSkipRootA
PathFileExistsA
PathRemoveFileSpecA
SHLWAPI.dll
InitCommonControlsEx
ImageList_Create
ImageList_AddMasked
COMCTL32.dll
UuidCreate
RPCRT4.dll
InternetCloseHandle
InternetAttemptConnect
InternetConnectA
InternetOpenA
InternetSetOptionA
InternetCrackUrlA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
WININET.dll
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
MiniDumpWriteDump
dbghelp.dll
WSOCK32.dll
ExitProcess
RtlUnwind
HeapReAlloc
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
QueryPerformanceCounter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapSize
GetOEMCP
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVCAtlException@ATL@@
.?AVout_of_range@std@@
.PAVexception@@
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
welcome Rising*youarelawless!y2a3n4g5Y6U7q8i@S9I0N#A.C%O(M-)<>ABI993JIEM,;'{jkliewaqlsiqomv.z^iwaql}-_=+)_(l;2j2f90aslkjflkasjas32092JKLSJFbASAUI/Z/A[/,./|@~`FS'.Z,MF920SDLAFJKAL9320QFFMmlajfl,.<>//|348q9729|fjlail3jo798,ksafa302-s;akfa;=_++-0-_))0-0-p23is
welcome Rising*youarelawless!y2a$n4g5Y6U7q8i@S9I0N#A.C%O(M-)<>ABI99*JIEM,;'{jkliewaqlsiqomv.z^iwaql}-_=+)_(l;2j@f90aslkjflkasjas6j09kJKLSJFbASAUI/Z/A[/,./|@~`FS'.Z,MF920SDLAFJKAL9320QFFMmlajfl,.<>//|348q9729|fjlail3jo798,ksafa302-s;akfa;=_++-0-_))0-0-p^bis
.?AVbad_cast@@
.?AVfacet@locale@std@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
.?AVbad_alloc@std@@
Copyright (c) 1992-2001 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AV_com_error@@
1.1.3
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
invalid distance code
invalid literal/length code
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
kWinSta0\Default
APPID
dREGISTRY
Module_Raw
Module
unknown
Select * from
root\cimv2
Pntdll.dll
(null)
MS Sans Serif
Welcome to Rising AntiVirus software setup program, this program will install Rising AntiVirus Software on your computer.
Warning: This program is perotected by copyright law and international treaty
It is strongly recommended to close all Windows program before running the setup program.
It is unauthorized to be copied or diffused, or part of it, must be punished by civil law and criminal law, and be punished most serious law permitted.
Click 'Cancel' to exit, then close all application. or Click 'Next' to continue.
MS Sans Serif
Press 'Next' to continue .
Online Help
Serial Number:
No Sn
User ID:
MS Sans Serif
You have installed the follow Anti-Virus softwares in your computer; Uninstall it please first!
SysListView32
&Select All
&Uninstall
&Refresh
MS Sans Serif
Please select Setup Mode:
&Add/Remove
&Repair
&Uninstall
add/remove descript
repair descript
uninstall descript
Password:
MS Sans Serif
I &Agree
I &Disagree
Please read the following licence agreement. Press 'PAGEDOWN' to read other parts of agreement.
MS Sans Serif
Setup program has enough information to copy program file. If you want to change setting, click 'Back'. If you satisfied with setting, click 'Next' to start copying files.
Current Setting:
Keep settings
MS Sans Serif
B&rowse...
SysListView32
List1
Install Rising software at:
Select different location:
Put Rav link on Desktop(&D).
Put Rav link on QuickLunch(&Q) Toolbar.
MS Sans Serif
Install complete infomation
Remove rising folder
SysListView32
List1
&Reboot system now
Remove RSD
MS Sans Serif
SysTreeView32
Tree1
This is the description of the choosen component
This module need %fM
Function
MS Sans Serif
msctls_progress32
Progress1
Checking target files.....
&Show detail
Rising Install System
MS Sans Serif
Main Title
Sub Title
Wizard Child
&Back
&Next
&Finish
&Cancel
MS Sans Serif
&Kill
&Cancel
&Refresh
MS Sans Serif
Verification code:
Unclear, please change.
Confirm:
Please confirm verification code.
MS Sans Serif
&Cancel
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
Beijing Rising Information Technology Co., Ltd.
FileDescription
Rising Installation Program
FileVersion
1.1.0.8
InternalName
Beijing Rising Information Technology Co., Ltd.
LegalCopyright
Copyright(C) 2016-2017 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
OriginalFilename
Setup.EXE
ProductName
Rising Software Distribute System
ProductVersion
SpecialBuild
20160523170507343
VarFileInfo
Translation
ECan't create the destination folder, please check and input it again.APlease take off your CD avoiding to restart from CDROM next time.
9Loading Rising system memory scan engine, please wait... WFailed to load Rising system memory scan engine, please contact the software provider!
Terminate memory scanning
Result
Rising Installation Program(Installation has not finished, exit now? Ready to install, please wait...
Your current version is already included all functions of sigle machine version, It's not necessary to install single machine version. If it's necessary to upgrade, please upgrade the network version directly.
Export,Unable to Create File Folder: %s , continue?
$Please select the Installation Path.
Start Component:
Overwrite this folder?'Rising program requre IE5.0, Continue ?
Select other folder Please!
Continue Uninstall? Press OK to continue.
Continue to install Rising AntiVirus Software[version:%s]?
/Enter your User ID and click "Next" to continue
%Click "Next" to continue installation
Your Product Serial Number is:
Update in progress
Uninstall in progress
Call component's interfaceVSetup program has finished installation of Rising AntiVirus Software on your computer.<Rising Anti-virus software has been uninstalled successfully9Rising Anti-virus software has been repaired successfully8Rising Anti-virus software has been checked successfully/You need reboot system to complete installation
Volume
Backup setup files...
Save config...
Check sourse file fail
Please select Setup Mode:'Setup program have prepare for install.
Total Need %.2f M
Found follow virus:
jSystem comctl32.dll version is lower than 4.70!\please upgrade it through installing IE4 or above version.
Clean virus failed
&Show detailIThere are not enough free disk spaces. Please free some spaces and retry.
!Version: %s Update Date: %s
Password is error7update is completed, windows need reboot for copy file.
Canada
Verification code error!
Antivirus engine/vendor Virus name/rule match Signature database date
Bkav No virus found 20160827
MicroWorld-eScan No virus found 20160827
nProtect No virus found 20160827
CMC No virus found 20160824
CAT-QuickHeal No virus found 20160826
McAfee No virus found 20160827
Malwarebytes No virus found 20160827
Zillya No virus found 20160826
TheHacker No virus found 20160826
BitDefender No virus found 20160827
K7GW No virus found 20160827
K7AntiVirus No virus found 20160827
TrendMicro No virus found 20160827
Baidu No virus found 20160827
F-Prot No virus found 20160827
Symantec No virus found 20160827
TotalDefense No virus found 20160827
TrendMicro-HouseCall No virus found 20160827
Avast No virus found 20160827
ClamAV No virus found 20160827
Kaspersky No virus found 20160827
Alibaba No virus found 20160826
NANO-Antivirus No virus found 20160827
ViRobot No virus found 20160827
AegisLab No virus found 20160827
Rising No virus found 20160827
Ad-Aware No virus found 20160827
Sophos No virus found 20160827
Comodo No virus found 20160827
F-Secure No virus found 20160827
DrWeb No virus found 20160827
VIPRE No virus found 20160827
Invincea No virus found 20160826
McAfee-GW-Edition No virus found 20160827
Emsisoft No virus found 20160827
Cyren No virus found 20160827
Jiangmin No virus found 20160827
Avira No virus found 20160827
Antiy-AVL No virus found 20160827
Kingsoft No virus found 20160827
Microsoft No virus found 20160827
Arcabit No virus found 20160827
SUPERAntiSpyware No virus found 20160826
GData No virus found 20160827
AhnLab-V3 No virus found 20160826
ALYac No virus found 20160827
AVware No virus found 20160827
VBA32 No virus found 20160826
Zoner No virus found 20160827
ESET-NOD32 No virus found 20160827
Tencent No virus found 20160827
Yandex No virus found 20160826
Ikarus No virus found 20160827
Fortinet No virus found 20160827
AVG No virus found 20160827
Panda No virus found 20160827
CrowdStrike No virus found 20160827
Qihoo-360 No virus found 20160827

Process tree

Setup.exe, PID: 2776, parent process PID: 2152

TCP

Source address Source port Destination address Destination port
192.168.122.70 51080 122.228.22.102 www.download.windowsupdate.com 80
192.168.122.70 51079 192.168.122.1 53
192.168.122.70 51081 23.44.155.27 ocsp.verisign.com 80
192.168.122.70 51082 23.44.155.27 ocsp.verisign.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.70 51435 192.168.122.1 53
192.168.122.70 53257 192.168.122.1 53
192.168.122.70 54315 192.168.122.1 53
192.168.122.70 56856 192.168.122.1 53
192.168.122.70 57997 192.168.122.1 53
192.168.122.70 59485 192.168.122.1 53
192.168.122.70 60702 192.168.122.1 53
192.168.122.70 61171 192.168.122.1 53
192.168.122.70 5355 192.168.122.69 53197
192.168.122.70 5355 192.168.122.69 64810

HTTP requests

URI HTTP data
URL -> http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86402
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 14 Jan 2016 00:22:10 GMT
If-None-Match: "0e59c9b614ed11:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

URL -> http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

URL -> http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEDIqeMqxALS22aDMZsFrgC0%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEDIqeMqxALS22aDMZsFrgC0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com

URL -> http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEDIqeMqxALS22aDMZsFrgC0%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEDIqeMqxALS22aDMZsFrgC0%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found
File name Setup.exe.log
Related file
C:\Users\test\AppData\Local\Temp\Setup.exe.log
File size 499 bytes
File type ASCII text, with CRLF line terminators
MD5 006b9e76a202d9215d6f58021acc6a96
SHA1 ae3958f0505dd44003417f387184d6c2280c4025
SHA256 701aa971bb635938934642c3841da9ee9bd45b6388ba4cfcd28a6143b27a8242
CRC32 AA2B0BC3
Ssdeep 12:oLN3dAlQxNKb8dvKsNKbYgLNKbPaNKbZu+NdVdAZn:oLN3dAlQxNKb8disNKb1LNKbyNKbZu+0
[2016-05-21][16:07:38:348][2776][1248]: [DETAIL]Setup.exe Begin----------------------------------
[2016-05-21][16:07:38:364][2776][1248]: [DETAIL]"C:\Users\test\AppData\Local\Temp\Setup.exe" 
[2016-05-21][16:07:38:364][2776][1248]: [ACTION]Success AdjustPrivileges 
[2016-05-21][16:07:38:364][2776][1248]: [ACTION]hParent == NULL
[2016-05-21][16:07:38:364][2776][1248]: [ACTION]GetParentProcInfo [0] [0]
[2016-05-21][16:07:38:410][2776][1248]: [DETAIL]Setup.exe End with ErrorCode: 0x80000005
No similar analyses found.

Processing ( 20.32 seconds )

  • 16.042 NetworkAnalysis
  • 1.373 Static
  • 1.25 VirusTotal
  • 0.53 BehaviorAnalysis
  • 0.414 peid
  • 0.26 TargetInfo
  • 0.234 Dropped
  • 0.162 Strings
  • 0.03 AnalysisInfo
  • 0.014 config_decoder
  • 0.008 Debug
  • 0.002 Memory
  • 0.001 ProcessMemory

Signatures ( 0.182 seconds )

  • 0.028 antiav_detectreg
  • 0.018 stealth_timeout
  • 0.012 infostealer_ftp
  • 0.009 antiav_detectfile
  • 0.007 bootkit
  • 0.007 infostealer_im
  • 0.006 persistence_autorun
  • 0.006 antianalysis_detectreg
  • 0.006 infostealer_bitcoin
  • 0.005 mimics_filetime
  • 0.005 stealth_file
  • 0.005 virus
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_mail
  • 0.004 reads_self
  • 0.004 antivm_vbox_files
  • 0.004 ransomware_files
  • 0.003 antiemu_wine_func
  • 0.003 antivm_generic_scsi
  • 0.003 antivm_generic_disk
  • 0.003 disables_browser_warn
  • 0.002 tinba_behavior
  • 0.002 network_anomaly
  • 0.002 betabot_behavior
  • 0.002 antivm_vbox_libs
  • 0.002 shifu_behavior
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.002 md_domain_bl
  • 0.002 network_torgateway
  • 0.001 network_tor
  • 0.001 antiav_avast_libs
  • 0.001 antivm_generic_services
  • 0.001 sets_autoconfig_url
  • 0.001 kibex_behavior
  • 0.001 vawtrak_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 darkcomet_regkeys
  • 0.001 modify_uac_prompt
  • 0.001 network_http
  • 0.001 rat_pcclient

Reporting ( 2.884 seconds )

  • 2.362 ReportPDF
  • 0.509 ReportHTMLSummary
  • 0.013 Malheur
Task ID 18299
Mongo ID 57ddf2ca4d3bd0391814a6e2
Cuckoo release 1.4-Maldun