
hasherezade / Pe Sieve

Licence: bsd-2-clause
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Programming Languages

C++
36643 projects - #6 most used programming language
c
50402 projects - #5 most used programming language
CMake
9771 projects
shell
77523 projects

Projects that are alternatives of or similar to Pe Sieve

Anti-Debugging
A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
Stars: ✭ 297 (-83.34%)
Mutual labels:  anti-malware, malware-analysis
bank mitigations
Anti keylogger, anti screen logger... Strategy to protect with hookings or improve your sandbox with spyware detection... - Demo
Stars: ✭ 17 (-99.05%)
Mutual labels:  anti-malware, hooking
calamity
A script to assist in processing forensic RAM captures for malware triage
Stars: ✭ 24 (-98.65%)
Mutual labels:  malware-analysis, memory-forensics
MCAntiMalware
Anti-Malware for minecraft
Stars: ✭ 182 (-89.79%)
Mutual labels:  anti-malware, malware-analysis
Pepper
PE (x86) and PE+ (x64) files viewer, based on libpe.
Stars: ✭ 65 (-96.35%)
Mutual labels:  pe-format, pe-analyzer
Flare Fakenet Ng
[Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool
Stars: ✭ 1,214 (-31.91%)
Mutual labels:  malware-analysis
Vm setup
A collection of scripts to initialize a Windows VM to run all the malware!
Stars: ✭ 101 (-94.34%)
Mutual labels:  malware-analysis
Mobile Security Framework Mobsf
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+472.74%)
Mutual labels:  malware-analysis
Saydog Framework
Saydog Framework
Stars: ✭ 71 (-96.02%)
Mutual labels:  malware-analysis
Information Security Tasks
This repository is created only for infosec professionals who work on a day-to-day basis, to equip ourselves with an up-to-date skill set. We can each contribute one hour daily to day-to-day tasks and work on problem statements daily. Please contribute by providing problem statements and solutions.
Stars: ✭ 108 (-93.94%)
Mutual labels:  malware-analysis
Nfr
A lightweight tool to score network traffic and flag anomalies
Stars: ✭ 104 (-94.17%)
Mutual labels:  malware-analysis
Fundamentos Engenharia Reversa
Book: Fundamentos de Engenharia Reversa (Fundamentals of Reverse Engineering)
Stars: ✭ 93 (-94.78%)
Mutual labels:  malware-analysis
Rxbluetoothkit
iOS & OSX Bluetooth library for RxSwift
Stars: ✭ 1,213 (-31.97%)
Mutual labels:  scans
Macholibre
Mach-O & Universal Binary Parser
Stars: ✭ 102 (-94.28%)
Mutual labels:  malware-analysis
Urmem
[x86] Simple C++11 header-only cross-platform memhack library (hooks, patches, pointers, sig scan)
Stars: ✭ 76 (-95.74%)
Mutual labels:  hooking
Awesome Yara
A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (-21.82%)
Mutual labels:  malware-analysis
Malware Feed
Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (-96.13%)
Mutual labels:  malware-analysis
Florentino
Fast Static File Analysis Framework
Stars: ✭ 92 (-94.84%)
Mutual labels:  malware-analysis
Amongus Mumble
Mumble VoIP Plugin and mod for the popular game "Among Us" to enable Proximity Voice Chat.
Stars: ✭ 105 (-94.11%)
Mutual labels:  hooking
Malice
VirusTotal Wanna Be - Now with 100% more Hipster
Stars: ✭ 1,253 (-29.73%)
Mutual labels:  malware-analysis


FAQ - Frequently Asked Questions

📖 Read Wiki

📦 Uses library: libPEConv

PE-sieve is a tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. It recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
It detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

PE-sieve is meant to be a light-weight engine dedicated to scanning a single process at a time. It can be built as an EXE or as a DLL. The DLL version exposes a simple API and can be easily integrated with other applications.

PE-sieve tools family

There are a few other tools that use PE-sieve as an engine but focus on specific use cases. They offer additional features and filters on top of its base.

📌 HollowsHunter - if, instead of scanning a particular process, you want to scan the full system with PE-sieve, this is the tool for you

📌 MalUnpack - offers quick unpacking of a supplied malware sample

Clone

Use recursive clone to get the repo together with the submodule:

git clone --recursive https://github.com/hasherezade/pe-sieve.git

Builds

Download the latest release, or read more.

Also available via Chocolatey


logo by Baran Pirinçal
