About “Beijing Rising Adware (PUA)” infection

The Beijing Rising Adware (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Beijing Rising Adware (PUA) virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Beijing Rising Adware (PUA)?


File Info:

name: 72570FB47F9A4BAE2173.mlw
path: /opt/CAPEv2/storage/binaries/63f5dbf74ccf09a856911fd00ea28a89ee8f64eeb0d3deac624ea425d29284a8
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-12-26 01:17:54

Version Info:

0: [No Data]

Beijing Rising Adware (PUA) also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (moderate confidence)
Skyhigh: BehavesLike.Win32.Generic.rc
Zillya: Trojan.Refinka.Win32.1779
ESET-NOD32: a variant of Win32/Rising.A potentially unwanted
Sophos: Beijing Rising Adware (PUA)
Jiangmin: Downloader.Agent.ljf
Antiy-AVL: GrayWare/Win32.Rising
Google: Detected
McAfee: GenericRXMO-ID!694E18047C9D
Yandex: Riskware.Agent!jjp1PGL6jUk
Ikarus: PUA.Rising
Fortinet: Riskware/Rising

How to remove Beijing Rising Adware (PUA)?

Beijing Rising Adware (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
