Phrozen RunPE Detector v1.0.5640 Build 65324
Freeware
Vista / Win10 / Win7 / Win8 / WinXP
Vista / Win10 / Win7 / Win8 / WinXP
Phrozen RunPE Detector can detect the presence of a hijacked process in Windows.
Many RATs use a technique called RunPE which spawns a legitimate process in Windows (e.g. web browser) and then injects malicious code directly into memory, tricking the computer into treating the malicious code as a legitimate, safe process.
You can use to tool to detect the presence of a hijacked process in Windows and can even scan through the file system for application files to compare the PE Headers to the malicious process, potentially finding the source malware.
For now it is limited to scanning 32-bit processes but will run on 64-bit Windows, and as of now most malware is still compiled in 32-bit architecture and run on 64-bit systems, so it shouldn't impede the program too much.
Many RATs use a technique called RunPE which spawns a legitimate process in Windows (e.g. web browser) and then injects malicious code directly into memory, tricking the computer into treating the malicious code as a legitimate, safe process.
You can use to tool to detect the presence of a hijacked process in Windows and can even scan through the file system for application files to compare the PE Headers to the malicious process, potentially finding the source malware.
For now it is limited to scanning 32-bit processes but will run on 64-bit Windows, and as of now most malware is still compiled in 32-bit architecture and run on 64-bit systems, so it shouldn't impede the program too much.
HTML code om naar deze pagina te linken:
Licentietype
Freeware1
Auteurs homepage
Bezoek de website van de auteur
Datum waarop toegevoegd
29 May 2016
Downloads
12
Bestandsgrootte
2.51 MB
(<1min @ 1Mbps)
Ondersteunde talen
Engels
Besturingssystemen
Vista / Win10 / Win7 / Win8 / WinXP1
1De licentie en de besturingssysteem informatie is gebaseerd op de laatste versie van de software.
Nog geen beoordelingen van gebruikers