Phrozen RunPE Detector v1.0.5640 Build 65324
Freeware
Vista / Win10 / Win7 / Win8 / WinXP
Vista / Win10 / Win7 / Win8 / WinXP
Phrozen RunPE Detector can detect the presence of a hijacked process in Windows.
Many RATs use a technique called RunPE which spawns a legitimate process in Windows (e.g. web browser) and then injects malicious code directly into memory, tricking the computer into treating the malicious code as a legitimate, safe process.
You can use to tool to detect the presence of a hijacked process in Windows and can even scan through the file system for application files to compare the PE Headers to the malicious process, potentially finding the source malware.
For now it is limited to scanning 32-bit processes but will run on 64-bit Windows, and as of now most malware is still compiled in 32-bit architecture and run on 64-bit systems, so it shouldn't impede the program too much.
Many RATs use a technique called RunPE which spawns a legitimate process in Windows (e.g. web browser) and then injects malicious code directly into memory, tricking the computer into treating the malicious code as a legitimate, safe process.
You can use to tool to detect the presence of a hijacked process in Windows and can even scan through the file system for application files to compare the PE Headers to the malicious process, potentially finding the source malware.
For now it is limited to scanning 32-bit processes but will run on 64-bit Windows, and as of now most malware is still compiled in 32-bit architecture and run on 64-bit systems, so it shouldn't impede the program too much.
Screenshots:
HTML code for linking to this page:
Keywords:
phrozen runpe detector
malware
rat
detect hijacked process
License type
Freeware1
Author's homepage
Visit the author's site
Date added
29 May 2016
Downloads
105
File size
2.51 MB
(<1min @ 1Mbps)
Supported languages
English
Operating systems
Vista / Win10 / Win7 / Win8 / WinXP1
1License and operating system information is based on latest version of the software.
(No user ratings yet)
