» ReflectDL.exe
Overview
Analysis
File Details
Downloads (1)

ReflectDL.exe

Macrium Reflect Package Download

Paramount Software UK Ltd

The executable ReflectDL.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from updates.macrium.com.

File name:

ReflectDL.exe

Publisher:

Paramount Software UK Ltd

Product:

Macrium Reflect Package Download

Version:

6, 0, 553, 0

MD5:

4e9d14f5b5a18ed6634afbdd806bf219

SHA-1:

3c9a6b733b0514c386d1223bfdcef5e3939c8f52

SHA-256:

ba78cc33d70919b0c378a1e96f9532ef71cc86c8d7b99bc0e4bab793f18953cb

Scanner detections:

8 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/25/2024 4:30:20 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160518-2

AVG

Win32/Sality

2015.0.4591

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Virut.AI!Generic

4.6.5.141

Kaspersky

Virus.Win32.Sality

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.225.1226.0

Norman

Win32.Sality.3

28.05.2016 15:32:18

File size:

3.4 MB (3,611,088 bytes)

Product version:

6, 0, 553, 0

Original file name:

ReflectDL.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\reflectdl.exe

File PE Metadata

Compilation timestamp:

4/2/2015 6:18:40 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:GmCz05/zVqXvBZhLLa9aVumYarWIDOINQuH6DTtLG19LeDwgQjBLLlHS:G9zspevBLpVZrWIDOISMx7iwhVk

Entry address:

0x80424

Entry point:

69, F7, 46, EE, D1, 94, EB, 02, 8B, DA, 89, C1, 85, D6, 8D, 10, 69, F3, 0A, 0C, 35, 7F, 4B, EB, 02, 89, CD, 49, C6, C0, 27, E8, 55, 00, 00, 00, FF, CD, F7, C0, 7D, 18, 86, 46, 81, FE, 38, B5, 00, 00, 78, 03, 0F, BF, F1, 4A, FE, C4, 3B, EF, 75, 0A, 8D, 35, B1, 07, BA, 96, 46, 48, 84, D4, 8D, 0B, 0F, CE, 84, C4, 51, C6, C4, A6, 5A, 0F, AF, CA, 85, EB, 52, 8D, 0D, 4B, A1, 2D, 16, 5D, 0F, BF, C7, 8D, 7D, 00, C7, C2, 7A, 97, 4D, F7, EB, 06, 8D, 0D, A5, 94, 4F, 63, 2B, DF, 0F, B6, FF, 08, DC, 88, CD, 3B, D6, 5B... 
[+]

Code size:

1.7 MB (1,773,056 bytes)

The file ReflectDL.exe has been seen being distributed by the following URL.

http://updates.macrium.com/reflect/.../ReflectDL.exe

Remove ReflectDL.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.