ReflectDL.exe

Macrium Reflect Package Download

Paramount Software UK Ltd

The executable ReflectDL.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from updates.macrium.com.
Publisher:
Paramount Software UK Ltd

Product:
Macrium Reflect Package Download

Version:
6, 0, 553, 0

MD5:
4e9d14f5b5a18ed6634afbdd806bf219

SHA-1:
3c9a6b733b0514c386d1223bfdcef5e3939c8f52

SHA-256:
ba78cc33d70919b0c378a1e96f9532ef71cc86c8d7b99bc0e4bab793f18953cb

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/25/2024 5:11:12 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160518-2

AVG
Win32/Sality
2015.0.4591

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Virut.AI!Generic
4.6.5.141

Kaspersky
Virus.Win32.Sality
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.225.1226.0

Norman
Win32.Sality.3
28.05.2016 15:32:18

File size:
3.4 MB (3,611,088 bytes)

Product version:
6, 0, 553, 0

Copyright:
(c) Paramount Software. All rights reserved.

Original file name:
ReflectDL.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\reflectdl.exe

File PE Metadata
Compilation timestamp:
4/2/2015 6:18:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:GmCz05/zVqXvBZhLLa9aVumYarWIDOINQuH6DTtLG19LeDwgQjBLLlHS:G9zspevBLpVZrWIDOISMx7iwhVk

Entry address:
0x80424

Entry point:
69, F7, 46, EE, D1, 94, EB, 02, 8B, DA, 89, C1, 85, D6, 8D, 10, 69, F3, 0A, 0C, 35, 7F, 4B, EB, 02, 89, CD, 49, C6, C0, 27, E8, 55, 00, 00, 00, FF, CD, F7, C0, 7D, 18, 86, 46, 81, FE, 38, B5, 00, 00, 78, 03, 0F, BF, F1, 4A, FE, C4, 3B, EF, 75, 0A, 8D, 35, B1, 07, BA, 96, 46, 48, 84, D4, 8D, 0B, 0F, CE, 84, C4, 51, C6, C4, A6, 5A, 0F, AF, CA, 85, EB, 52, 8D, 0D, 4B, A1, 2D, 16, 5D, 0F, BF, C7, 8D, 7D, 00, C7, C2, 7A, 97, 4D, F7, EB, 06, 8D, 0D, A5, 94, 4F, 63, 2B, DF, 0F, B6, FF, 08, DC, 88, CD, 3B, D6, 5B...
 
[+]

Code size:
1.7 MB (1,773,056 bytes)

The file ReflectDL.exe has been seen being distributed by the following URL.

Remove ReflectDL.exe - Powered by Reason Core Security