Threat Hunter Anti-Malware/Anti-Rootkit Software

Malware and Rootkit Detection and Removal

Threat Hunter searches your system for malware and rootkits and eliminates them. By employing many of the same techniques used to make hostile software and Advanced Persistent Threats, Threat Hunter is able to detect and eradicate even the most persistent and hard-to-locate malicious code.

Threat Hunter’s technology is based on years of experience analyzing hundreds of breaches and invasive cyber events, combined with advanced AI and machine learning techniques. The result is the most powerful system available for finding and eradicating malicious software from a wide range of operating systems.


1: Recon Agents use low-level system access (Ring0) and advanced AI to detect suspicious activity that is indicative of malware and rootkit activity, for example, floating code or hidden drivers.

2: Tactical Agents are deployed to remediate detected malicious code using process killing, file deletion and quarantining tools to clean and secure compromised system elements.

3: Command Center coordinates all actions by Recon and Tactical agents, allowing users/analysts to track all activity in real time. Multiple analysts have access to the Command Center both locally and via the web, allowing subject matter experts from anywhere in the world to collaborate and assist in both analysis and remediation efforts.


Advanced Detection Engine

  • Service and process validation
  • Compare API, direct memory and direct disk access results to detect anomalies, hidden services, drivers, etc.
  • Real-time unpacking (reduced false positives)
  • API and physical memory dumps
  • Hook and injection detection
  • Direct injection and code injection
  • IAT/EAT hooks
  • Dump comparison
  • Heuristic behavior analysis of running code
  • Code morphing and gadget detection (experimental)
  • Floating code detection
  • Extract full memory dump or individual images
  • File validation
  • Compare API, direct disk access and VM results to detect anomalies in files (hidden, modified, etc.)
  • Real-time unpacking and “on-the-fly” VM execution (reduced false positives)
  • API, physical, VM and direct MFT comparison
  • Heuristic behavior analysis based on capabilities
  • Monitoring for “gadgetization”
  • Code morphing
  • Signature validation
  • Registry analysis using API and direct access
  • Offline comparison
  • Search for executable code by file content
  • Maintain file listings of executables for root cause analysis
  • Map infected systems
  • Monitor creation of executable code
  • Remediate with powerful process killing, file deletion and quarantining tools