a variant of Win32/Rising.B potentially unwanted
a variant of Win32/Rising.B potentially unwanted also known as Backdoor.Xyligan, Artemis!66233F5FFCFF, Riskware.Agent!.

Malware Analysis of a variant of Win32/Rising.B potentially unwanted – INS1256858.EXE

Created files:
%COMMON APPDATA%\RISING\RAC\RAV.INI
%TEMP%\DD5F92973F5A145EF5DA0F32B5E0A39A.JSON
%TEMP%\INS1256858.EXE.LOG
%TEMP%\NSSD2D1.TMP\1.RAR
%TEMP%\NSSD2D1.TMP\9377MYCS_Y_MGAZ2_01.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: ""%Program Files%\Rising\RSD\popwndexe.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: "Rising Software Deployment System"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: ""%Program Files%\Rising\RSD\Setup.exe" /UNINSTALL /PRODUCT=RSD"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: "\??\%SYSDIR%\DRIVERS\PROTREG.SYS"
HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: "rsd protect"
HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: ""%Program Files%\Rising\RSD\RsMgrSvc.exe""…