Should I block it?

No, this file is 100% safe to run.

Additional versions

23, 0, 0, 14 37.50%
23, 0, 0, 9 62.50%

PE file structure

Import table
advapi32.dll
OpenThreadToken, RevertToSelf, RegDeleteKeyW, RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, RegCloseKey, OpenSCManagerA, OpenServiceA, QueryServiceStatus, CloseServiceHandle, SetThreadToken
kernel32.dll
GetPrivateProfileStringA, FindResourceA, SizeofResource, LockResource, LoadResource, WideCharToMultiByte, FindResourceExA, GetFileAttributesA, WaitForSingleObjectEx, GetModuleHandleA, CreateEventA, GetVersionExA, Sleep, MultiByteToWideChar, GetLocalTime, SuspendThread, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, LoadLibraryA, GetProcAddress, FreeLibrary, CreateFileA, CloseHandle, SetUnhandledExceptionFilter, SetEvent, ReadFile, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, InterlockedIncrement, InterlockedDecrement, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, RaiseException, OpenEventA, OutputDebugStringA, OutputDebugStringW, GetLastError, lstrlenA, GetProcessHeap, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, HeapDestroy, VirtualAlloc, UnmapViewOfFile, GetSystemInfo, MapViewOfFile, CreateFileMappingA, GetCurrentThread, GetModuleFileNameW, RtlUnwind, GetCommandLineA, GetStartupInfoA, HeapValidate, IsBadReadPtr, UnhandledExceptionFilter, TlsGetValue, GetModuleHandleW, TlsAlloc, TlsSetValue, TlsFree, SetLastError, TerminateProcess, IsDebuggerPresent, GetACP, GetOEMCP, GetCPInfo, IsValidCodePage, DebugBreak, GetStdHandle, WriteFile, WriteConsoleW, GetFileType, ExitProcess, LoadLibraryW, LCMapStringA, LCMapStringW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, HeapCreate, VirtualFree, FlushFileBuffers, GetConsoleCP, GetConsoleMode, InitializeCriticalSectionAndSpinCount, SetFilePointer, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleFileNameA, GetThreadLocale, IsBadCodePtr, VirtualProtect, InterlockedExchange, WaitForSingleObject, lstrcpyA, lstrcpyW, lstrcpynW, GetVersion, OpenFileMappingA, IsBadWritePtr, VirtualQuery
ole32.dll
StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CoMarshalInterface, CreateStreamOnHGlobal, CoUnmarshalInterface, CoRevokeClassObject, CoRegisterClassObject, CoReleaseMarshalData
shlwapi.dll
PathRemoveExtensionA
user32.dll
DispatchMessageA, DispatchMessageW, TranslateMessage, GetMessageA, GetMessageW, IsWindowUnicode, PeekMessageA, MsgWaitForMultipleObjects

ravmond.exe

Rising AntiVirus 2011 by Beijing Rising Information Technology Corporation Limited (Signed)

Version:   23, 0, 0, 14
MD5:   17b49df1efb0308534cbb8184a2c5e06
SHA1:   2aae0ba10101570d956e4b17bf6b3a84971fd9f4
SHA256:   1eb41f1288f34f2c544361d9a10e373a9d310d289bb8a75151efc3209e91fc91

What is ravmond.exe?

ravmond.exe belongs to Rising Antivirus by Rising, a Chinese antivirus software company. Rising AV has real-time file-monitor scanning as well as dynamic behavior analysis and web browser protection.

About ravmond.exe (from Beijing Rising Information Technology Corporation Limited)

Rising Antivirus protects your computers against all types of viruses, Trojans, Worms, Rootkits and other malicious programs. Ease of use, Active Defense technology, Patented Unknown Virus Scan&Clean

Details

File name: ravmond.exe
Publisher: Beijing Rising Information Technology Co., Ltd.
Product name: Rising AntiVirus 2011
Description: ravmond
Typical file path: C:\Program Files\rising\rav\ravmond.exe
File version: 23, 0, 0, 14
Product version: 23.00
Size: 163.62 KB (167,544 bytes)
Certificate
Issued to: Beijing Rising Information Technology Corporation Limited
Authority (CA): VeriSign
Expiration date: Sunday, July 22, 2012
Digital DNA
PE subsystem: Windows GUI
File packed: No
.NET CLR: No

Programs

The following program will install this file
Beijing Rising Information Technology, Inc.
27% remove

Behaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'RsRavMon' (Rav Service)
  • RsRavMon
Network connections
  • [TCP] 211.103.159.78:80

    Resource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU: 0.03976950%
    0.028634%
    Kernel CPU: 0.03595660%
    0.013761%
    User CPU: 0.00381290%
    0.014873%
    Kernel CPU time: 2,047 ms/min
    100,923,805 ms/min
    Context switches: 80/sec
    284/sec
    Memory
    Private memory: 22.59 MB
    21.59 MB
    Private (maximum): 9.54 MB
    Private (minimum): 6.67 MB
    Non-paged memory: 22.59 MB
    21.59 MB
    Virtual memory: 127.5 MB
    140.96 MB
    Virtual memory (peak): 136.44 MB
    169.69 MB
    Working set: 8.12 MB
    18.61 MB
    Working set (peak): 21.93 MB
    37.95 MB
    Page faults: 338,664/min
    2,039/min
    I/O
    I/O read transfer: 1.96 KB/sec
    1.02 MB/min
    I/O read operations: 2/sec
    343/min
    I/O write transfer: 259 Bytes/sec
    274.99 KB/min
    I/O write operations: 1/sec
    227/min
    I/O other transfer: 153 Bytes/sec
    448.09 KB/min
    I/O other operations: 8/sec
    1,671/min
    Resource allocations
    Threads: 43
    12
    Handles: 362
    600
    GUI GDI count: 21
    103
    GUI USER count: 4
    49

    Process properties

    Integrity level: Undefined
    Platform: 32-bit
    Command lines:
    • "C:\Program Files\rising\rav\ravmond.exe"
    • "C:\Program Files\rising\rfw\ravmond.exe"
    Owner: SYSTEM
    Windows Service
    Service name: RsRavMon
    Display name: Rav Service
    Type: Win32OwnProcess, InteractiveProcess
    Parent process: services.exe (Services and Controller app by Microsoft)

    Threads

    Averages
     
    bacore.dll (Rising MBA by Beijing Rising Information Technology Co., Ltd)
    Total CPU: 0.39904061%
    0.272967%
    Kernel CPU: 0.28230000%
    0.107585%
    User CPU: 0.11674060%
    0.165382%
    Context switches: 44/sec
    79/sec
    Memory: 660 KB
    1.16 MB
    advapi32.dll (Advanced Windows 32 Base API by Microsoft)
    Total CPU: 0.15597970%
    Kernel CPU: 0.10711763%
    User CPU: 0.04886207%
    Context switches: 6/sec
    Memory: 620 KB
    monbase.dll (Rising AntiVirus 2010 by Beijing Rising Information Technology Co., Ltd)
    Total CPU: 0.15182476%
    Kernel CPU: 0.06845920%
    User CPU: 0.08336556%
    Context switches: 8/sec
    Memory: 112 KB
    filemon.dll (Rising AntiVirus 2011 by Beijing Rising Information Technology Co., Ltd)
    Total CPU: 0.00426148%
    Kernel CPU: 0.00426148%
    User CPU: 0.00000000%
    Memory: 160 KB
    rfwproxy.dll (tcpproxy Dynamic Link Library by Beijing Rising Information Technology Co., Ltd)
    Total CPU: 0.00210726%
    Kernel CPU: 0.00210726%
    User CPU: 0.00000000%
    Memory: 332 KB
    rstask.dll (Rising Antivirus 2011 by Beijing Rising Information Technology Co., Ltd)
    Total CPU: 0.00210571%
    Kernel CPU: 0.00210571%
    User CPU: 0.00000000%
    Context switches: 1/sec
    Memory: 168 KB
    taskplug.dll (taskplug.dll by Beijing Rising Information Technology Co., Ltd)
    Total CPU: 0.00210040%
    Kernel CPU: 0.00210040%
    User CPU: 0.00000000%
    Memory: 96 KB
    rsindent.dll (Rising AntiVirus 2011 by Beijing Rising Information Technology Co., Ltd)
    Total CPU: 0.00122763%
    Kernel CPU: 0.00079748%
    User CPU: 0.00043015%
    Context switches: 8/sec
    Memory: 528 KB
    cnt09.dll (Rising AntiVirus 2010 by Beijing Rising Information Technology Co., Ltd)
    Total CPU: 0.00046084%
    Kernel CPU: 0.00036867%
    User CPU: 0.00009217%
    Context switches: 6/sec
    Memory: 536 KB
    rscommx2.dll (Rising AntiVirus 2008 by Beijing Rising Information Technology Co., Ltd)
    Total CPU: 0.00018435%
    Kernel CPU: 0.00009217%
    User CPU: 0.00009217%
    Context switches: 11/sec
    Memory: 144 KB

    Common loaded modules

    These are modules that are typically loaded within the context of this process.

    Distribution by Windows OS

    OS version distribution
    Microsoft Windows XP 37.50%
    Windows 7 Ultimate N 37.50%
    Windows 7 Ultimate 25.00%

    Distribution by country

    United States installs about 37.50% of Rising AntiVirus 2011.

    Distribution by PC manufacturer

    PC manufacturer distribution
    Hewlett-Packard 100.00%