ReflectiveDLLInjector

Reflective DLL injector targeting svchost.exe. Internal name SvchostInjector.x64.dll. ReflectiveLoader fileless injection. Direct NTDLL syscall access for ETW/AV bypass. Process enumeration via CreateToolhelp32Snapshot. Memory-mapped injection. 128-char AES key config string.

Threat Profile
Type: Loader
Programming Language: C/C++
C2 Protocol: Named Pipe/C2
First Seen: 2024
Targets: Global
Purpose / Capabilities
  • Process Injection/Fileless Loader
No C2 servers have been identified for this family yet.

Research Reports (1)

Critical

ReflectiveDLLInjector out.dll -- Internal Name SvchostInjector.x64.dll, ReflectiveLoader Fileless Injection, ntdll.dll Direct Syscall ETW/AV Bypass, CreateToolhelp32Snapshot Process32FirstW Target Process Identification | Critical

ReflectiveDLLInjector out.dll, x64. Internal name SvchostInjector.x64.dll. Fileless injection via ReflectiveLoader. Direct ntdll.dll syscalls for ETW/AV bypass. Target process identification via CreateToolhelp32Snapshot and Process32FirstW.
