CN105488414A - Method and system for preventing malicious codes from detecting virtual environments - Google Patents
Method and system for preventing malicious codes from detecting virtual environments Download PDFInfo
- Publication number
- CN105488414A CN105488414A CN201510619022.0A CN201510619022A CN105488414A CN 105488414 A CN105488414 A CN 105488414A CN 201510619022 A CN201510619022 A CN 201510619022A CN 105488414 A CN105488414 A CN 105488414A
- Authority
- CN
- China
- Prior art keywords
- data
- parameter
- malicious code
- virtual environment
- judgment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method and system for preventing malicious codes from detecting virtual environments. The method comprises the steps of obtaining and analyzing malicious code samples to obtain judging conditions for judging the virtual environments; extracting parameters or data and an API interface used in the judging conditions; and hooking the API, obtaining parameters or data in the virtual environments, judging whether the parameters or the data in the virtual environments are same as the parameters or the data used in the judging conditions or not one by one, if yes, randomly modifying or generating new parameters or data according to the format of the parameters or the data to replace the original parameters or data, triggering and executing the related malicious codes. The invention also provides the corresponding system structure. Through the method provided by the invention, the virtual environments can be effectively prevented from being detected by the malicious codes.
Description
Technical field
The present invention relates to computer network security field, particularly a kind of method and system preventing malicious code detecting visual environment.
Background technology
Along with the development of computer technology, people are also more and more stronger with dependence to the demand of computer information technology.Production, the life of people all be unable to do without computer technology.Widely using also along with the safety problem of computing machine of computing machine.Some order about or the wrong direction of values due to interests, utilize computer security leak, are stolen, destroy, cause economic loss to people to computer system by the computerized information of rogue program to user.In order to prevent the deterioration of this phenomenon, a series of virus investigation antivirus software of computer security staff development, detection computations machine rogue program.And in order to the analysis of hiding antivirus software or virus analysis software and killing, computer rogue program is also constantly update, hide look into free to kill in done and much covered up.The physical machine used due to virtual environment (as sandbox environment or virtual machine environment) and user has certain difference in system environments.Malicious code is by judging that to the contrast of these environmentally user profile data this environment is the virtual environment of user environment or virus or trojan horse detection.If detect the testing environment into malicious code, it by exit perform or carry out code carrier from deletion action.The environment measuring behavioral implications of this malicious code is to the analysis of virus and detection.
Summary of the invention
The present invention is directed to the problems referred to above and propose a kind of method and system preventing malicious code detecting visual environment, solve virtual environment and identified by malicious code, and the problem that detects cannot be carried out.
Prevent a method for malicious code detecting visual environment, comprising:
Obtain malicious code sample, analyzing described malicious code sample, obtaining the Rule of judgment for judging virtual environment;
Extract the parameter or data that use in described Rule of judgment, and the api interface used;
API described in HOOK, obtain the parameter in virtual environment or data, judge one by one parameter in described virtual environment or data whether identical with the parameter used in described Rule of judgment or data, if, then according to the form of described parameter or data, random amendment or generate new parameter or data replace original parameter or data, or revise the rreturn value of described API, and trigger and perform relevant malicious code; Otherwise directly trigger and perform relevant malicious code.
In described method, described virtual environment comprises virtual machine and sandbox.
In described method, described for judging that the Rule of judgment of virtual environment comprises: operation system information and hardware information.
In described method,
Described operation system information comprises: operating system user name, system service feature string and exploitation script language environment;
Described hardware information comprises: BIOS information, device map information and CPU quantity.
Prevent a system for malicious code detecting visual environment, comprising:
Sample analysis module, for obtaining malicious code sample, analyzes described malicious code sample, obtains the Rule of judgment for judging virtual environment;
Parameter extraction module, for extracting the parameter or data that use in described Rule of judgment, and the api interface used;
Data modification module, for API described in HOOK, obtain the parameter in virtual environment or data, judge one by one parameter in described virtual environment or data whether identical with the parameter used in described Rule of judgment or data, if so, then according to the form of described parameter or data, revise at random or generate new parameter or data replace original parameter or data, or revise the rreturn value of described API, and trigger the relevant malicious code of execution; Otherwise directly trigger and perform relevant malicious code.
In described system, described virtual environment comprises virtual machine and sandbox.
In described system, described for judging that the Rule of judgment of virtual environment comprises: operation system information and hardware information.
In described system, described operation system information comprises: operating system user name, system service feature string and exploitation script language environment;
Described hardware information comprises: BIOS information, device map information and CPU quantity.
The present invention considers the multiple method of malicious code identification virtual environment, by integrated registration table, user name, special file path, the information such as script language environment, the API that HOOK identifies these information, the amendment of dynamic random is used for, by the data as virtual environment distinguishing mark, preventing the detection of malicious code.
The present invention proposes a kind of method and system preventing malicious code detecting visual environment, described method is by obtaining and analyzing malicious code sample for judging the Rule of judgment of virtual environment; Extract the parameter or data that use in Rule of judgment, and the api interface used; API described in HOOK, obtain the parameter in virtual environment or data, judge one by one parameter in described virtual environment or data whether identical with the parameter used in described Rule of judgment or data, if, then according to the form of parameter or data, random amendment or generate new parameter or data and replace raw parameter or data, and trigger and perform relevant malicious code.The present invention is also corresponding provides system architecture.By method of the present invention, virtual environment can be effectively made to hide out the detection of malicious code.
Accompanying drawing explanation
In order to be illustrated more clearly in the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, the accompanying drawing that the following describes is only some embodiments recorded in the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of embodiment of the method process flow diagram preventing malicious code detecting visual environment;
Fig. 2 is a kind of system embodiment structural representation preventing malicious code detecting visual environment.
Embodiment
In order to make those skilled in the art person understand technical scheme in the embodiment of the present invention better, and enable above-mentioned purpose of the present invention, feature and advantage become apparent more, below in conjunction with accompanying drawing, technical scheme in the present invention is described in further detail.
The present invention is directed to the problems referred to above and propose a kind of method preventing malicious code detecting visual environment, solve virtual environment and identified by malicious code, and the problem that detects cannot be carried out.
Prevent a method for malicious code detecting visual environment, as shown in Figure 1, comprising:
S101: obtain malicious code sample, analyzing described malicious code sample, obtaining the Rule of judgment for judging virtual environment;
S102: extract the parameter or data that use in described Rule of judgment, and the api interface used;
API described in S103:HOOK, obtain the parameter in virtual environment or data, judge one by one parameter in described virtual environment or data whether identical with the parameter used in described Rule of judgment or data, if, then according to the form of described parameter or data, random amendment or generate new parameter or data replace original parameter or data, or revise the rreturn value of described API, and trigger and perform relevant malicious code; Otherwise directly trigger and perform relevant malicious code.
In described method, described virtual environment comprises virtual machine and sandbox.
In described method, described for judging that the Rule of judgment of virtual environment comprises: operation system information and hardware information.
In described method,
Described operation system information comprises: operating system user name, system service feature string and exploitation script language environment;
Described hardware information comprises: BIOS information, device map information and CPU quantity.
For better understanding the parameter or data that use in the described Rule of judgment of above-mentioned extraction, API described in HOOK also judges whether described parameter or data are characteristic parameter or data, are illustrated respectively to the contrast of foregoing.
For parameter acquiring, at least comprise acquisition:
LpNameBuffer in GetUserNameEx;
LpFilename in GetModuleFileName;
HModule, lpProcName in GetProcAddress;
HKey, lpSubKey, samDesired in RegOpenKeyEx;
HKey, lpValueName, lpData in RegQueryValueEx;
SzExefile in Process32Next inside PROCESSENTRY32 structure;
FileInformation etc. in ZwQueryDirectoryFile.
For the judgement of operation system information parameter or data, can comprise:
The operating system user name obtained, judge whether the operating system user name obtained is " MALTEST ", " TEQUILABOOMBOOM ", " SANDBOX ", " VIRUS ", " MALWARE " etc., all operating system user names that can be used to as sandbox or virtual machine environment identification all can be used as characteristic parameter or data, if, then randomization generates data, replace above-mentioned character, and then directly trigger and perform relevant malicious code, for facility is with in automated analysis and security study;
Obtain system service feature string, as whether the characteristic character in the fullpath of the file of current process load-on module is: all feature strings that can be used to as sandbox or virtual machine environment identification such as " SAMPLE ", " VIRUS ", " SANDBOX ", if, then randomization generates data, replace above-mentioned character, and then directly trigger and perform relevant malicious code, for facility is with in automated analysis and security study;
Or to judge in the registration table that obtains operating system ID: Microsoft Windows under CurrentVersion product IDs key assignments whether be following value:
55274-640-2673064-23950(JoeBox);
76487-644-3177037-23510(CWSandbox);
76487-337-8429955-22614(Anubis);
Etc. all product IDs key assignments that can be used to the registration table regarding sandbox or virtual machine environment identification, if so, randomization generates the data of same format, replaces initial value, and then directly trigger and perform relevant malicious code, for facility is with in automated analysis and security study;
Obtain development environment, judge whether there are all script language environment that can be used to as sandbox or virtual machine environment identification such as python.exe process in the process name obtained, if had, randomization amendment process name, and then directly trigger and perform relevant malicious code, for facility is with in automated analysis and security study.
For the judgement of hardware information parameter or data, can comprise:
Obtain BIOS relevant information, in the registration table obtained as judged: in HARDWARE DEVICEMAP Scsi ScsiPort0 ScsiBus0 TargetId0 LogicalUnitId0, whether the value of Identifier is all data that can be used to the registration table key assignments regarding sandbox or virtual machine environment identification such as QEMU, SandBox, VMware, Smaple, if, randomization generates data, the key assignments data of substitute I dentifier, and then directly trigger and perform relevant malicious code, for facility is with in automated analysis and security study;
Obtain device map information, the registration table obtained as judged: in HARDWARE Description System, whether the value of VideoBiosVersion is all data that can be used to the registration table key assignments regarding sandbox or virtual machine environment identification such as VIRTUALBOX, QEMU, BOCHS, SandBox, VMware, Smaple, if, randomization generates data, replace the key assignments data of VideoBiosVersion, and then directly trigger and perform relevant malicious code, for facility is with in automated analysis and security study;
Obtain core CPU number, whether the CPU number given tacit consent in sandbox or virtual machine as judged is 1, and if so, then revising CPU number is main force's computer CPU number, and then directly trigger and perform relevant malicious code, for facility is with in automated analysis and security study.
Prevent a system for malicious code detecting visual environment, as shown in Figure 2, comprising:
Sample analysis module 201, for obtaining malicious code sample, analyzes described malicious code sample, obtains the Rule of judgment for judging virtual environment;
Parameter extraction module 202, for extracting the parameter or data that use in described Rule of judgment, and the api interface used;
Data modification module 203, for API described in HOOK, obtain the parameter in virtual environment or data, judge one by one parameter in described virtual environment or data whether identical with the parameter used in described Rule of judgment or data, if so, then according to the form of described parameter or data, revise at random or generate new parameter or data replace original parameter or data, or revise the rreturn value of described API, and trigger the relevant malicious code of execution; Otherwise directly trigger and perform relevant malicious code.
In described system, described virtual environment comprises virtual machine and sandbox.
In described system, described for judging that the Rule of judgment of virtual environment comprises: operation system information and hardware information.
In described system, described operation system information comprises: operating system user name, system service feature string and exploitation script language environment;
Described hardware information comprises: BIOS information, device map information and CPU quantity.
The present invention considers the multiple method of malicious code identification virtual environment, by integrated registration table, user name, special file path, the information such as script language environment, HOOK carries out identification API to these information, and the amendment of dynamic randomization is used for, by the data as virtual environment distinguishing mark, preventing the detection of malicious code.
The present invention proposes a kind of method and system preventing malicious code detecting visual environment, described method is by obtaining and analyzing malicious code sample for judging the Rule of judgment of virtual environment; Extract the parameter or data that use in Rule of judgment, and the api interface used; API described in HOOK, obtain the parameter in virtual environment or data, judge one by one parameter in described virtual environment or data whether identical with the parameter used in described Rule of judgment or data, if, then according to the form of parameter or data, random amendment or generate new parameter or data and replace raw parameter or data, and trigger and perform relevant malicious code.The present invention is also corresponding provides system architecture.By method of the present invention, virtual environment can be effectively made to hide out the detection of malicious code.
Although depict the present invention by embodiment, those of ordinary skill in the art know, the present invention has many distortion and change and do not depart from spirit of the present invention, and the claim appended by wishing comprises these distortion and change and do not depart from spirit of the present invention.
Claims (8)
1. prevent a method for malicious code detecting visual environment, it is characterized in that, comprising:
Obtain malicious code sample, analyzing described malicious code sample, obtaining the Rule of judgment for judging virtual environment;
Extract the parameter or data that use in described Rule of judgment, and the api interface used;
API described in HOOK, obtain the parameter in virtual environment or data, judge one by one parameter in described virtual environment or data whether identical with the parameter used in described Rule of judgment or data, if, then according to the form of described parameter or data, random amendment or generate new parameter or data replace original parameter or data, or revise the rreturn value of described API, and trigger and perform relevant malicious code; Otherwise directly trigger and perform relevant malicious code.
2. the method for claim 1, is characterized in that, described virtual environment comprises virtual machine and sandbox.
3. the method for claim 1, is characterized in that, described for judging that the Rule of judgment of virtual environment comprises: operation system information and hardware information.
4. method as claimed in claim 3, it is characterized in that, described operation system information comprises: operating system user name, system service feature string and exploitation script language environment;
Described hardware information comprises: BIOS information, device map information and CPU quantity.
5. prevent a system for malicious code detecting visual environment, it is characterized in that, comprising:
Sample analysis module, for obtaining malicious code sample, analyzes described malicious code sample, obtains the Rule of judgment for judging virtual environment;
Parameter extraction module, for extracting the parameter or data that use in described Rule of judgment, and the api interface used;
Data modification module, for API described in HOOK, obtain the parameter in virtual environment or data, judge one by one parameter in described virtual environment or data whether identical with the parameter used in described Rule of judgment or data, if so, then according to the form of described parameter or data, revise at random or generate new parameter or data replace original parameter or data, or revise the rreturn value of described API, and trigger the relevant malicious code of execution; Otherwise directly trigger and perform relevant malicious code.
6. system as claimed in claim 5, it is characterized in that, described virtual environment comprises virtual machine and sandbox.
7. system as claimed in claim 5, is characterized in that, described for judging that the Rule of judgment of virtual environment comprises: operation system information and hardware information.
8. system as claimed in claim 7, it is characterized in that, described operation system information comprises: operating system user name, system service feature string and exploitation script language environment;
Described hardware information comprises: BIOS information, device map information and CPU quantity.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510619022.0A CN105488414A (en) | 2015-09-25 | 2015-09-25 | Method and system for preventing malicious codes from detecting virtual environments |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510619022.0A CN105488414A (en) | 2015-09-25 | 2015-09-25 | Method and system for preventing malicious codes from detecting virtual environments |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105488414A true CN105488414A (en) | 2016-04-13 |
Family
ID=55675388
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510619022.0A Pending CN105488414A (en) | 2015-09-25 | 2015-09-25 | Method and system for preventing malicious codes from detecting virtual environments |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105488414A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107292164A (en) * | 2017-06-16 | 2017-10-24 | 郑州云海信息技术有限公司 | A kind of intelligent sandbox design method obscured based on state and device |
KR101803890B1 (en) * | 2017-01-18 | 2017-12-04 | 한국인터넷진흥원 | Method and Apparatus for Detecting Evasive Malware |
CN107704757A (en) * | 2017-09-22 | 2018-02-16 | 成都知道创宇信息技术有限公司 | The method that the open Python user programs interface of safety is realized using pypy sandbox modes |
CN108171055A (en) * | 2016-12-08 | 2018-06-15 | 武汉安天信息技术有限责任公司 | A kind of remote control malicious code behavior triggering method and system |
CN109684826A (en) * | 2018-01-15 | 2019-04-26 | 北京微步在线科技有限公司 | Anti- method and the electronic equipment of escaping of application program sandbox |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102750484A (en) * | 2012-06-28 | 2012-10-24 | 腾讯科技(深圳)有限公司 | Method and device for preventing virus sample self-checking |
CN102930210A (en) * | 2012-10-14 | 2013-02-13 | 江苏金陵科技集团公司 | System and method for automatically analyzing, detecting and classifying malicious program behavior |
CN103040696A (en) * | 2011-10-14 | 2013-04-17 | 涂波 | Cleansing and whitening gel |
CN103049696A (en) * | 2012-11-21 | 2013-04-17 | 北京神州绿盟信息安全科技股份有限公司 | Virtual machine identification dodging method and device |
CN104751057A (en) * | 2015-03-13 | 2015-07-01 | 安一恒通(北京)科技有限公司 | Method and device used for enhancing safety of computer system |
-
2015
- 2015-09-25 CN CN201510619022.0A patent/CN105488414A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103040696A (en) * | 2011-10-14 | 2013-04-17 | 涂波 | Cleansing and whitening gel |
CN102750484A (en) * | 2012-06-28 | 2012-10-24 | 腾讯科技(深圳)有限公司 | Method and device for preventing virus sample self-checking |
CN102930210A (en) * | 2012-10-14 | 2013-02-13 | 江苏金陵科技集团公司 | System and method for automatically analyzing, detecting and classifying malicious program behavior |
CN103049696A (en) * | 2012-11-21 | 2013-04-17 | 北京神州绿盟信息安全科技股份有限公司 | Virtual machine identification dodging method and device |
CN104751057A (en) * | 2015-03-13 | 2015-07-01 | 安一恒通(北京)科技有限公司 | Method and device used for enhancing safety of computer system |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108171055A (en) * | 2016-12-08 | 2018-06-15 | 武汉安天信息技术有限责任公司 | A kind of remote control malicious code behavior triggering method and system |
KR101803890B1 (en) * | 2017-01-18 | 2017-12-04 | 한국인터넷진흥원 | Method and Apparatus for Detecting Evasive Malware |
CN107292164A (en) * | 2017-06-16 | 2017-10-24 | 郑州云海信息技术有限公司 | A kind of intelligent sandbox design method obscured based on state and device |
CN107704757A (en) * | 2017-09-22 | 2018-02-16 | 成都知道创宇信息技术有限公司 | The method that the open Python user programs interface of safety is realized using pypy sandbox modes |
CN109684826A (en) * | 2018-01-15 | 2019-04-26 | 北京微步在线科技有限公司 | Anti- method and the electronic equipment of escaping of application program sandbox |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10114946B2 (en) | Method and device for detecting malicious code in an intelligent terminal | |
Carmony et al. | Extract Me If You Can: Abusing PDF Parsers in Malware Detectors. | |
US10397261B2 (en) | Identifying device, identifying method and identifying program | |
Bacci et al. | Impact of Code Obfuscation on Android Malware Detection based on Static and Dynamic Analysis. | |
CN105488414A (en) | Method and system for preventing malicious codes from detecting virtual environments | |
CN111639337B (en) | Unknown malicious code detection method and system for massive Windows software | |
CN106951780A (en) | Beat again the static detection method and device of bag malicious application | |
CN106611122A (en) | Virtual execution-based unknown malicious program offline detection system | |
US20170214704A1 (en) | Method and device for feature extraction | |
CN105046152B (en) | Malware detection method based on function call graph fingerprint | |
KR20110119918A (en) | Apparatus, system and method for detecting malicious code injected with fraud into normal process | |
CN103294951B (en) | A kind of malicious code sample extracting method based on document type bug and system | |
JP6711000B2 (en) | Information processing apparatus, virus detection method, and program | |
CN104462962B (en) | A kind of method for detecting unknown malicious code and binary vulnerability | |
JP6000465B2 (en) | Process inspection apparatus, process inspection program, and process inspection method | |
JP2019514119A (en) | Hybrid Program Binary Feature Extraction and Comparison | |
Pandey et al. | Performance of malware detection tools: A comparison | |
CN106650438A (en) | Method and device for detecting baleful programs | |
CN105718793A (en) | Method and system for preventing malicious code from identifying sandbox on the basis of sandbox environment modification | |
CN106301979B (en) | Method and system for detecting abnormal channel | |
WO2015067170A1 (en) | Method and system for analyzing android application program | |
CN108171057B (en) | Android platform malicious software detection method based on feature matching | |
CN103971055B (en) | A kind of Android malware detection method based on program slicing technique | |
CN103902906A (en) | Mobile terminal malicious code detecting method and system based on application icon | |
CN112395603B (en) | Vulnerability attack identification method and device based on instruction execution sequence characteristics and computer equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160413 |