You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
reflective-loading
About this tag
Reflective loading is a code injection technique used by malware to load a DLL or executable directly from memory without relying on the standard Windows loader. This method bypasses traditional file-based detection and avoids writing malicious payloads to disk. On WindowsForum.com, discussions about reflective loading often appear in the context of advanced malware analysis and threat research, such as the Silver Fox campaign that uses reflective loading to deploy the ValleyRAT backdoor. The technique is frequently paired with Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software. Understanding reflective loading is important for security professionals and IT administrators who need to defend against memory-only threats that evade conventional antivirus and endpoint detection systems.
Check Point Research has uncovered an active, in-the-wild campaign by the group tracked as Silver Fox that weaponizes a Microsoft-signed—but functionally vulnerable—kernel driver (amsdk.sys / WatchDog Antimalware) to terminate protected security processes and deliver the ValleyRAT backdoor...