AfterDawn | News | Guides | Software downloads | Tech Support | Forums | HIGH.FI
AfterDawn.com

Phrozen RunPE Detector v1.0.5640 Build 65324

Freeware
Vista / Win10 / Win7 / Win8 / WinXP
Phrozen RunPE Detector can detect the presence of a hijacked process in Windows.

Many RATs use a technique called RunPE which spawns a legitimate process in Windows (e.g. web browser) and then injects malicious code directly into memory, tricking the computer into treating the malicious code as a legitimate, safe process.

You can use to tool to detect the presence of a hijacked process in Windows and can even scan through the file system for application files to compare the PE Headers to the malicious process, potentially finding the source malware.

For now it is limited to scanning 32-bit processes but will run on 64-bit Windows, and as of now most malware is still compiled in 32-bit architecture and run on 64-bit systems, so it shouldn't impede the program too much.

Screenshots:

Phrozen RunPE Detector v1.0.5640 Build 65324

Keywords:
phrozen runpe detector malware rat detect hijacked process

License type Freeware1
Author's homepage Visit the author's site
Date added 28 May 2016
Downloads 57
File size 2.51 MB (<1min @ 1Mbps)
Supported languages English
Operating systems Vista / Win10 / Win7 / Win8 / WinXP1

1License and operating system information is based on latest version of the software.

If you do not have an AfterDawn.com accout yet, please enter a nickname and your email address below.

We will send an account activation link to the email address you provide, so please make sure to use a valid address. Content will be published on site after you have activated your account.

If you already have an AfterDawn.com account, please login using the next tab.

Login by using your AfterDawn username or your email address.

(No user ratings yet)