Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.
uses library: https://github.com/hasherezade/libpeconv.git
Clone:
Use recursive clone to get the repo together with the submodule:
git clone --recursive https://github.com/hasherezade/pe-sieve.git
Latest builds*:
*those builds are available for testing and they may be ahead of the official release:
32-bit
64-bit
Download Pe-Sieve
PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.
uses library: https://github.com/hasherezade/libpeconv.git
Clone:
Use recursive clone to get the repo together with the submodule:
git clone --recursive https://github.com/hasherezade/pe-sieve.git
Latest builds*:
*those builds are available for testing and they may be ahead of the official release:
32-bit
64-bit
Download Pe-Sieve