Jump to content
Nytro

PE-sieve

By Nytro, in Programe securitate

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

PE-sieve

Build status License GitHub release Github All Releases Twitter URL

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

Uses library: https://github.com/hasherezade/libpeconv.git

FAQ - Frequently Asked Questions

Clone:

Use recursive clone to get the repo together with the submodule: 

git clone --recursive https://github.com/hasherezade/pe-sieve.git

Latest builds*:

*those builds are available for testing and they may be ahead of the official release:

Read more:

Wiki: https://github.com/hasherezade/pe-sieve/wiki

logo by Baran Pirinçal

 

Sursa: https://github.com/hasherezade/pe-sieve

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...