Troj/Reflekt-B malicious file

Malware Removal

Troj/Reflekt-B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/Reflekt-B virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the PyInstaller malware family
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Troj/Reflekt-B?

File Info:

name: B2D54F31EED7EE5E8F92.mlw
path: /opt/CAPEv2/storage/binaries/42aaf720cf1a698f29c479eb141adc4895d54a4843310fcabc63252e67ae63d2
crc32: F22682EA
md5: b2d54f31eed7ee5e8f9298f946bc3623
sha1: 48790b82c68d52132baff751571ba32ca693df2d
sha256: 42aaf720cf1a698f29c479eb141adc4895d54a4843310fcabc63252e67ae63d2
sha512: f2b2a3285a9e1db5cb360bae1dedf878128a6cb4821df0edad05f5165f0f5e9c23e899de6b590e6dfa4e914a78d953b0d76a212f26a5a2f8ed9dc9b343707b77
ssdeep: 196608:1eEbGXVnICteEroXxoczlxZV3Gu5D4S267ygEGPt2CS30j8kg8ETL0DWcjKdCra:cEOInEroXF14S2D7qcDnTLxca
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14BB63386B35409ADDDD942F2F411C12D4D7D762C2384620F2A9BAE264FA7EEBFD64700
sha3_384: 9f8547eae379d59feb7d63bacebd16c881ee686f6f795521ecccbe76863525705a32df48da28fc6c47f69c1e426fdd6b
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-06-27 22:16:20

Version Info:

Translation: 0x0000 0x04b0
CompanyName: skyexchange
FileDescription: momentcreature
FileVersion: 2.27.75.31
InternalName: cvv-checker[sk] by Malek.exe
LegalCopyright: fresh © exile
OriginalFilename: cvv-checker[sk] by Malek.exe
ProductName: council
ProductVersion: 2.27.75.31
Assembly Version: 2.27.75.31

Troj/Reflekt-B also known as:

MicroWorld-eScan: Gen:Variant.Razy.490172
FireEye: Generic.mg.b2d54f31eed7ee5e
CAT-QuickHeal: Trojan.Generic.TRFH5
McAfee: Packed-PM!B2D54F31EED7
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.1eed7e
Baidu: MSIL.Backdoor.Bladabindi.a
Cyren: W32/MSIL_Kryptik.CRY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: Windows.Trojan.Njrat
ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.FKI
APEX: Malicious
Avast: MSIL:Agent-DRD [Trj]
ClamAV: Win.Packed.Generic-9795615-0
Kaspersky: Trojan.MSIL.Disfa.bqd
BitDefender: Gen:Variant.Razy.490172
Tencent: Trojan.Win32.Bladabindi.16000442
Ad-Aware: Gen:Variant.Razy.490172
Emsisoft: Gen:Variant.Razy.490172 (B)
Comodo: TrojWare.MSIL.Bladabindi.C@57iw6e
F-Secure: Trojan.TR/Dropper.Gen7
DrWeb: Trojan.DownLoader24.51648
McAfee-GW-Edition: Packed-PM!B2D54F31EED7
Trapmine: malicious.moderate.ml.score
Sophos: Troj/Reflekt-B
SentinelOne: Static AI – Malicious PE
Avira: TR/Dropper.Gen7
Microsoft: Trojan:MSIL/Remcos.PH!MTB
Arcabit: Trojan.Razy.D77ABC
ZoneAlarm: Trojan.MSIL.Disfa.bqd
GData: Gen:Variant.Razy.490172
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.RL_Generic.C4216995
Acronis: suspicious
VBA32: Trojan.MSIL.Disfa
ALYac: Gen:Variant.Razy.490172
MAX: malware (ai score=81)
Malwarebytes: Bladabindi.Backdoor.Njrat.DDS
Rising: Backdoor.njRAT!1.9E49 (CLASSIC)
Ikarus: Trojan.MSIL.Krypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/CoinMiner.DTL!tr
BitDefenderTheta: Gen:NN.ZemsilF.34742.@p0@aKBdWFi
AVG: MSIL:Agent-DRD [Trj]

How to remove Troj/Reflekt-B?

Troj/Reflekt-B removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.