One of my customers use Hitman Pro antivirus and it’s returning a false positive. I contact Hitman Pro to clear the false positive and they are asking me the following question:
“Our team has analyzed your application and they are seeing some particularly strange behavior.
Is there any particular reason to start the mapped PE file on the heap via an APC instead of calling it directly or via an own created thread?”
Can you please advise?