Processed through Paypal
No account required.


Donate Bitcoin to this wallet:
1KkUMXvQ2ko3xcJkzitB7WYgoW6m79WFfm
Donate Ethereum to this wallet:
0x40E56922F43637224935CDC35e2c96E0392A8505
Donate Litecoin to this wallet:
LLYAFEyqjH69gkyCEpRjXNyedRCWrVChfL

  Our merchandise, sold here, helps keep the site alive.  


Facebook Follow @GeekOnTheLoose




 Home » OlderGeeks.com Freeware Downloads » Searching Files   
Search Results
Files
  File Name Rating Downloads
Last Update/Developer
PE-sieve v0.1.6 32bit
PE-sieve v0.1.6 32bit PE-sieve is a light-weitht tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc. Usage It has a simple, commandline interface. When run without parameters, it displays info about the version and required arguments: When you run it giving a PID of the running process, it scans all the PE modules in its memory (the main executable, but also all the loaded DLLs). At the end, you can see the summary of how many anomalies have been detected of which type. In case if some modified modules has been detected, they are dumped into a folder of a given process, for example: JSON report specifies where the implants were found: Detailed characteristics of the suspicious indicators are given in the JSON report, that is dumped into the same folder. Short history & features from the author Detecting inline hooks and patches I started creating it for the purpose of searching and examining inline hooks. You can see its initial version here: With time its precision and abilities significantly improved, and hooking detection is only one of many features of this tool. In case if the code of the original executable was patched in memory, additionally to the main JSON report, PE-sieve generates a TAG file. Its purpose is to describe at which offset a patch has been found, and of what type (either a patch, or a hook/redirection). We can easily see what function has been hooked and where the redirection leads to. The file that was patched is also dumped on the disk, so that we can examine it more closely under a dissembler. The TAG file can ...
5/5 717 Apr 18, 2019
Hasherezade
PE-sieve v0.1.6 64bit
PE-sieve v0.1.6 64bit PE-sieve is a light-weitht tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc. Usage It has a simple, commandline interface. When run without parameters, it displays info about the version and required arguments: When you run it giving a PID of the running process, it scans all the PE modules in its memory (the main executable, but also all the loaded DLLs). At the end, you can see the summary of how many anomalies have been detected of which type. In case if some modified modules has been detected, they are dumped into a folder of a given process, for example: JSON report specifies where the implants were found: Detailed characteristics of the suspicious indicators are given in the JSON report, that is dumped into the same folder. Short history & features from the author Detecting inline hooks and patches I started creating it for the purpose of searching and examining inline hooks. You can see its initial version here: With time its precision and abilities significantly improved, and hooking detection is only one of many features of this tool. In case if the code of the original executable was patched in memory, additionally to the main JSON report, PE-sieve generates a TAG file. Its purpose is to describe at which offset a patch has been found, and of what type (either a patch, or a hook/redirection). We can easily see what function has been hooked and where the redirection leads to. The file that was patched is also dumped on the disk, so that we can examine it more closely under a dissembler. The TAG file can ...
5/5 745 Apr 18, 2019
Hasherezade
   
Showing rows 1 to 2 of 2 Showing Page 1 of 1  1 


Copyright (c) 2019


Tweets by @GeekOnTheLoose