Amer Posted October 22, 2016 Phrozen RunPE Detector is a security program, especially designed to detect and defeat some suspicious processes using a generic method. https://www.phrozensoft.com/2015/06/runpe-detector-1
Amer Posted October 27, 2016 (Author) Related tool: https://forum.tuts4you.com/topic/38937-adlice-peviewer-roguekillerpe/
RDGMax Posted October 29, 2016 (edited) Here is a simple anti-Phrozen RunPE Detector: RunPE Undetected.rar. This solution can bypass Phrozen RunPE Detector in memory! I spent 30 minutes on this lame security software (Phrozen RunPE Detector). Edited October 29, 2016 by RDGMax
Amer Posted October 29, 2016 (Author) The target is detected: https://www.metadefender.com/#!/results/file/ZTE2MTAyOXJrQngzUTk5R3h4UzE4ZzJYOTVNbGw/regular/analysis
First uploaded: 2016-10-29 21:52:20 GMT
Last scanned: 2016-10-29 21:52:20 GMT
Filetype: Win32 Executable Microsoft Visual Basic 6
File size: 524 KB
MD5: B162D7E8A29DA06EF22F7C3AFF270E05
SHA1: EC6013FB643ED49C22DA2DB51B0DBD1D21C3DB64
SHA256: 0BD6FB12A8454C28663F2F773CC3C9E765B55D409461F50CCEEA3C852509D4C8
If you use WriteProcessMemory, that is the wrong way to protect the RunPE method. Really, I'm not interested in analyzing a target that is detected by a virus scan engine. Regards
evlncrn8 Posted October 30, 2016 'Wrong way'? You mean we're not allowed to use APIs to patch the process memory of RunPE?
Amer Posted October 31, 2016 (Author, edited) 12 hours ago, evlncrn8 said: 'Wrong way'? You mean we're not allowed to use APIs to patch the process memory of RunPE? No, I did not mean your own process, I meant the detector's memory. Actually, writing to RunPE memory is good, but not enough to make it FUD. Try to run the one protected by RDGMax and RunPE Detector inside Sandboxie, then double-click on the RunPE, and you'll see the difference. Take a look at this tool: by the way, this topic is not an anti-RunPE challenge, it is just to inform about Phrozen RunPE Detector. Regards Edited October 31, 2016 by Amer
Amer Posted November 7, 2016 (Author) Negative result in the case of an anti-dump method (Zero Memory or Move Memory).
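Added example, not code from the thread and not Phrozen's own implementation: the thread never says which "generic method" Phrozen RunPE Detector uses, so the check below is an assumption about one plausible generic approach. A RunPE loader replaces the image of a suspended process with a different PE, so the PE header the process carries in memory at its image base no longer matches the header of the file it was started from; comparing the two catches a hollowed process regardless of which payload was injected. The last post reports a negative result when the in-memory header has been zeroed or moved, so the example treats a missing or invalid in-memory header as a finding of its own (VERDICT_HEADER_MISSING) rather than a clean result; that too is an assumption about what a detector should do. Both the on-disk image and the in-memory image are constructed byte buffers holding a minimal PE32 header (offsets from the PE/COFF specification, no windows.h), and reading a live process with OpenProcess/ReadProcessMemory is deliberately left out so the code builds and runs anywhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: a generic RunPE / process-hollowing check that compares the
 * PE header a process has in memory with the header of its file on disk.
 * Offsets come from the PE/COFF spec; both images are byte buffers here
 * (constructed below), not a live process. */

#define MZ_MAGIC   0x5A4Du
#define PE_MAGIC   0x00004550u  /* "PE\0\0" */
#define PE32_MAGIC 0x010Bu
#define PE64_MAGIC 0x020Bu

typedef struct {
    uint16_t machine;
    uint16_t nsections;
    uint32_t timestamp;
    uint32_t entry_rva;        /* AddressOfEntryPoint */
    uint64_t image_base;       /* parsed for completeness, not compared (see note) */
    uint32_t size_of_image;
    uint32_t size_of_headers;
} PeSummary;

typedef enum {
    VERDICT_CLEAN = 0,
    VERDICT_HOLLOWED = 1,        /* header fields differ: image was replaced */
    VERDICT_HEADER_MISSING = 2,  /* no valid PE header in memory (zeroed/moved) */
    VERDICT_BAD_DISK_IMAGE = 3   /* file on disk is not a PE; nothing to compare */
} Verdict;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Parse DOS header + NT headers. Returns 1 on success, 0 if buf is not a PE. */
static int parse_pe(const uint8_t *buf, size_t len, PeSummary *out) {
    if (len < 0x40 || rd16(buf) != MZ_MAGIC) return 0;
    uint32_t nt = rd32(buf + 0x3C);                      /* e_lfanew */
    if (nt > len || len - nt < 4 + 20 + 64) return 0;    /* sig + COFF + used optional-header fields */
    if (rd32(buf + nt) != PE_MAGIC) return 0;
    const uint8_t *coff = buf + nt + 4;
    const uint8_t *opt  = coff + 20;
    uint16_t magic = rd16(opt);
    out->machine   = rd16(coff);
    out->nsections = rd16(coff + 2);
    out->timestamp = rd32(coff + 4);
    out->entry_rva = rd32(opt + 16);
    if (magic == PE32_MAGIC)      out->image_base = rd32(opt + 28);
    else if (magic == PE64_MAGIC) out->image_base = (uint64_t)rd32(opt + 24) | ((uint64_t)rd32(opt + 28) << 32);
    else return 0;
    out->size_of_image   = rd32(opt + 56);
    out->size_of_headers = rd32(opt + 60);
    return 1;
}

/* The generic check: fields that the loader never changes must agree. */
static Verdict compare_images(const uint8_t *disk, size_t disk_len,
                              const uint8_t *mem, size_t mem_len) {
    PeSummary d, m;
    if (!parse_pe(disk, disk_len, &d)) return VERDICT_BAD_DISK_IMAGE;
    if (!parse_pe(mem, mem_len, &m))   return VERDICT_HEADER_MISSING;  /* anti-dump case */
    if (d.machine != m.machine || d.nsections != m.nsections ||
        d.timestamp != m.timestamp || d.entry_rva != m.entry_rva ||
        d.size_of_image != m.size_of_image || d.size_of_headers != m.size_of_headers)
        return VERDICT_HOLLOWED;
    return VERDICT_CLEAN;
}

/* Constructed sample: a minimal PE32 header carrying only the fields used above. */
static size_t build_pe32(uint8_t *buf, size_t cap, uint16_t nsec, uint32_t ts,
                         uint32_t entry, uint32_t size_of_image) {
    const uint32_t nt = 0x80;
    size_t need = nt + 4 + 20 + 96;     /* signature + COFF + PE32 optional header, no data dirs */
    if (cap < need) return 0;
    memset(buf, 0, need);
    wr16(buf, MZ_MAGIC);
    wr32(buf + 0x3C, nt);
    wr32(buf + nt, PE_MAGIC);
    uint8_t *coff = buf + nt + 4, *opt = coff + 20;
    wr16(coff, 0x014C);                 /* IMAGE_FILE_MACHINE_I386 */
    wr16(coff + 2, nsec);
    wr32(coff + 4, ts);
    wr16(coff + 16, 96);                /* SizeOfOptionalHeader */
    wr16(opt, PE32_MAGIC);
    wr32(opt + 16, entry);
    wr32(opt + 28, 0x00400000u);        /* ImageBase */
    wr32(opt + 56, size_of_image);
    wr32(opt + 60, 0x400);              /* SizeOfHeaders */
    return need;
}

/* Scenarios (all constructed): 0 = clean process (memory matches disk),
 * 1 = RunPE target (a different PE was written over the original image),
 * 2 = anti-dump variant (in-memory header zeroed). */
Verdict run_scenario(int which) {
    uint8_t disk[512], mem[512];
    size_t dlen = build_pe32(disk, sizeof disk, 3, 0x57F5A2C0u, 0x1000u, 0x5000u);
    size_t mlen;
    switch (which) {
    case 0: mlen = build_pe32(mem, sizeof mem, 3, 0x57F5A2C0u, 0x1000u, 0x5000u); break;
    case 1: mlen = build_pe32(mem, sizeof mem, 5, 0x4B7A1E3Du, 0x2B40u, 0x83000u); break;
    case 2: memset(mem, 0, sizeof mem); mlen = sizeof mem; break;
    default: return VERDICT_BAD_DISK_IMAGE;
    }
    return compare_images(disk, dlen, mem, mlen);
}

int main(void) {
    static const char *names[] = { "clean", "hollowed", "header-missing", "bad-disk-image" };
    for (int i = 0; i < 3; i++)
        printf("scenario %d -> %s\n", i, names[run_scenario(i)]);
    return 0;
}
```

ImageBase is parsed but left out of the verdict on purpose: a process can legitimately be loaded at a different address than the preferred base in its file, so that field is not a reliable hollowing signal on its own. On a real system the "mem" buffer would be the first SizeOfHeaders bytes read from the process at its module base, and the "disk" buffer the start of the file that module maps, which is exactly where a wiped header (scenario 2) shows up as a missing MZ/PE signature rather than as a clean match.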