New Participant
November 13, 2023
Question

RdrServicesUpdater2_x86.exe identified as malware by Cylance Protect AV


Good day, 

I am hoping that someone may help identify if this file is a legitimate file from Adobe. The file is: RdrServicesUpdater2_x86.exe

SHA256: 947b2d0490101a8bf8fb7aaca36289f11d15bed605efd46bfd45298cccfb375b

MD5: 24F8D57B669F33FCB30D8FB045B27F8D

Thank you.

10 replies

New Participant
July 7, 2025

My EDR is pinging me. Is it safe to install rdrservicesupdater2_x86.exe? Thank you.

S_S
Community Manager
July 8, 2025

Hi @myrta_8356,

Hope you are doing well. Sorry for the trouble with using Acrobat Reader.

Would you mind helping us with a fresh set of logs for us to share with the development team for investigation and a better response?

Look forward to hearing from you.


Regards,
Souvik.

New Participant
July 14, 2025

Hello myrta,

I am also having the same issue with SentinelOne. The file has no Publisher Name or Signer Identity, and the Signature Verification is NotSigned. Please help. Thanks.

 

Threat Info:
  Name: RdrServicesUpdater2_x86.exe
  Path: \Device\HarddiskVolume3\Users\(removed)\AppData\Local\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RdrServicesUpdater2_x86.exe
  Process User: (removed)
  Signature Verification: NotSigned
  Originating Process: AdobeARM.exe
  SHA1: b32663dbd680b520723f64655a2fd1c1de740e94
  SHA256: 3686fd3c0e95da9e66cf508743aba605d2ba0ab3f85fc66ef8b24bde507d4924
  Initiated By: Agent Policy
  Engine: On-Write Static AI - Suspicious
  Detection type: Static
  Classification: Malware
  File Size: 844.92 KB
  Storyline: 12E07C6C958ACE03
  Threat Id: 2255392265702697509

Threat indicators:

Abnormalities
This binary contains abnormal section names which could be an indication that it was created with non-standard development tools

General
This binary imports functions used to raise kernel exceptions
This binary imports debugger functions
File can delete registry values
MITRE : Defense Evasion [MODIFY REGISTRY]
File can print debug messages

Persistence
File can persist through the Winlogon Helper DLL registry key
MITRE : Persistence [WINLOGON HELPER DLL]
File can persist through Run registry key
MITRE : Persistence [REGISTRY RUN KEYS / STARTUP FOLDER]
File can set registry values
File can copy files
File can create or open registry keys
File can create or open files
File can set thread local storage values
File can allocate thread local storage
File can create a mutex
File can write to files on Windows

Discovery
File can retrieve the image file name of a process
File can list process modules
MITRE : Discovery [PROCESS DISCOVERY]
File can retrieve disk size
MITRE : Discovery [SYSTEM INFORMATION DISCOVERY]
File can retrieve the size of files
MITRE : Discovery [FILE AND DIRECTORY DISCOVERY]
File can retrieve file attributes
File can list files on Windows
MITRE : Discovery [FILE AND DIRECTORY DISCOVERY]
File can retrieve common file paths
MITRE : Discovery [FILE AND DIRECTORY DISCOVERY]
File can check for the existence of a mutex
File can retrieve thread local storage values
File can query or list registry values
MITRE : Discovery [QUERY REGISTRY]
File can list running processes
MITRE : Discovery [PROCESS DISCOVERY]
MITRE : Discovery [SOFTWARE DISCOVERY]
File can retrieve system information on Windows
MITRE : Discovery [SYSTEM INFORMATION DISCOVERY]
File can query environment variables
MITRE : Discovery [SYSTEM INFORMATION DISCOVERY]
File can retrieve geographical location
MITRE : Discovery [SYSTEM LOCATION DISCOVERY]

Evasion
File can delay its execution

Execution
File can create threads
File can encrypt data using Salsa20 or ChaCha
MITRE : Defense Evasion [OBFUSCATED FILES OR INFORMATION]
File can dynamically link functions at runtime
MITRE : Execution [SHARED MODULES]
File has capability to open another process
File can allocate memory
File can terminate processes
File can create processes on Windows
File can modify environment variables
File can accept command line arguments
MITRE : Execution [COMMAND AND SCRIPTING INTERPRETER]
File can extract resources with kernel32 functions

Impact
File can delete files
File can encrypt data using OpenSSL RSA

Command and Control
File can receive data
File can download from a URL

Credential Access
File can compare security identifiers

Collection
File can read files on Windows
File contains SQL statements
MITRE : Collection [DATA FROM INFORMATION REPOSITORIES]

Defense Evasion
File can check for OutputDebugString error

New Participant
February 2, 2024

It alerted as well with my Cylance. Are there any updates on this package?

New Participant
February 2, 2024

We are seeing this blocked in Cylance today, 2/2/2024.

Any update, Adobe?

ruslanr63825226
New Participant
January 24, 2024

Has Adobe provided an update regarding this issue? 

New Participant
January 10, 2024

Same here. Our EDR did block the activity. Marked as suspicious. 

New Participant
November 21, 2023

We see similar in our EDR as well. 

New Participant
November 20, 2023

Our EDR is also alerting on it, marking it as inconclusive and blocking its execution. Would be nice if Adobe would let us know if it is legitimate or not.

jonathanc42274759
New Participant
November 19, 2023

I do not see Adobe replying to you. Did they? I want to know about it too.

New Participant
November 17, 2023

I have the same question. Cylance gives it a score of 23 and puts it in quarantine.
VirusTotal:
https://www.virustotal.com/gui/file/947b2d0490101a8bf8fb7aaca36289f11d15bed605efd46bfd45298cccfb375b/details