Blog | G5 Cyber Security

Malware Loader Goes Through Heaven’s Gate to Avoid Detection

Researchers discovered a malware loader designed by its developers to hide in plain sight and let its payload evade anti-malware solutions by running only in the memory of compromised computers. The loader uses the infamous 'Heaven's Gate' technique to hide its API calls by switching execution from 32-bit to 64-bit mode. The payload is hidden within the packed and obfuscated loader, which unpacks it and injects it into a legitimate RegAsm.exe process using process hollowing. This means that the payload is never written to the compromised machine's disk.

Source: https://www.bleepingcomputer.com/news/security/malware-loader-goes-through-heavens-gate-to-avoid-detection/
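As an added illustration of the defensive side of the Heaven's Gate technique mentioned above, the following Python scanner (example code written for this page, not from the article, the researchers or the loader's authors) searches a byte buffer for the x86 instruction encodings commonly used to switch a 32-bit WoW64 process into 64-bit mode via code segment selector 0x33. The byte patterns are assumptions drawn from public descriptions of the technique, and the sample buffers are constructed here for demonstration.

```python
"""Heuristic scanner for 'Heaven's Gate' mode-switch instruction sequences.

A 32-bit process running under WoW64 can enter 64-bit mode by transferring
control through code segment selector 0x33.  Scanning memory dumps or
unpacked loader code for the instruction encodings that do this is a cheap
triage signal.  Patterns below are assumptions based on public write-ups.
"""
import re

# Instruction encodings that perform the segment switch (assumed, not from the article).
HEAVENS_GATE_PATTERNS = {
    # push 0x33 ; call $+5 ; add dword [esp], 5 ; retf
    "push33_call_add_retf": re.compile(
        rb"\x6a\x33\xe8\x00\x00\x00\x00\x83\x04\x24\x05\xcb", re.DOTALL),
    # call far ptr16:32 with segment selector 0x33  (9A imm32 0x0033)
    "far_call_seg33": re.compile(rb"\x9a.{4}\x33\x00", re.DOTALL),
    # jmp far ptr16:32 with segment selector 0x33   (EA imm32 0x0033)
    "far_jmp_seg33": re.compile(rb"\xea.{4}\x33\x00", re.DOTALL),
}


def find_heavens_gate(data: bytes):
    """Return a sorted list of (offset, pattern_name) for every match in data."""
    hits = []
    for name, pattern in HEAVENS_GATE_PATTERNS.items():
        for match in pattern.finditer(data):
            hits.append((match.start(), name))
    return sorted(hits)


# Constructed sample buffers: benign filler with two embedded gate sequences,
# and a clean buffer that should produce no hits.
SAMPLE = (
    b"\x55\x8b\xec" * 4                                    # push ebp; mov ebp, esp (x4)
    + b"\x6a\x33\xe8\x00\x00\x00\x00\x83\x04\x24\x05\xcb"  # the classic gate sequence
    + b"\x90" * 8                                          # nop padding
    + b"\x9a\x78\x56\x34\x12\x33\x00"                      # call far 0x33:0x12345678
    + b"\xc3"                                              # ret
)
CLEAN = b"\x55\x8b\xec\x90\x90\xc3"

if __name__ == "__main__":
    for offset, name in find_heavens_gate(SAMPLE):
        print(f"offset 0x{offset:04x}: {name}")
```

Run it against an unpacked loader image or a process memory dump rather than the packed file on disk, since the article's point is that the interesting code only exists once unpacked in memory. The far call/jmp patterns are loose (any 4-byte displacement followed by the selector bytes), so treat a hit as a reason to look closer, not as a verdict on its own.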
