Files | ||||
File Name | Rating | Downloads | ||
![]() |
hollows_hunter v0.3.4 hollows_hunter v0.3.4 Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). Hollows Hunter allows you to scan your full system, searching for potentially malicious implants, and extract them for further analysis. It is an application based on PE-sieve (DLL version), so there is a big overlap of the features between those two. They have a similar command-line interface, but while PE-sieve is an engine dedicated to scanning a single process, Hollows Hunter offers many additional features and filters on the top of this base. More information about similarities and differences described here. Start by familiarizing yourself with PE-sieve by reading the PE-sieve's Wiki. Changes: v0.3.4 2-10-22 Updated PE-sieve (v0.3.4): Supported changes in the implementation of /mignore Supported new PE-sieve param: /threads: enabling scan of the threads' callstack . This is another layer of shellcode detection, allowing to capture "sleeping beacons", and others, decrypted just before the execution. This download is for the 64bit version. If you need the 32bit version, download here. Click here to visit the author's website. |
![]() |
3,919 | Feb 11, 2022 HASHEREZADE ![]() |
Showing rows 1 to 1 of 1 | Showing Page 1 of 1 | 1 |
OlderGeeks.com Copyright (c) 2025