--> PE-sieve <-- is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis.

Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

-----
Give me a HANDLE and I will move the Earth.

| Сообщение посчитали полезным: icerix, Lambda, Crawler

а где же репозиторий pe-bear?

-----
От многой мудрости много скорби, и умножающий знание умножает печаль

| Сообщение посчитали полезным:

ajax пишет:
а где же репозиторий pe-bear?



--> PE-bear releases <--

WARNING: PE-bear is not open source - you will find here the builds only.
Yet, the PE parser from PE-bear is open source and available here:--> bearparser <--

-----
Give me a HANDLE and I will move the Earth.

| Сообщение посчитали полезным: ajax

PE-sieve is a tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis.
Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

Обновился до --> v 0.2.5 <--

-----
Give me a HANDLE and I will move the Earth.

| Сообщение посчитали полезным:

Обновился до --> [VERSION] 0.2.7.1. Updated pe-sieve. <--

And --> hollows_hunter <--: Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

-----
Give me a HANDLE and I will move the Earth.

| Сообщение посчитали полезным: