2. Iat patcher: Persistent IAT hooking application - based on bearparser
3. Chimera pe: ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side
4. Shellconv: Small tool for disassembling shellcode (using objdump)
7. Pe Sieve: Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
10. Masm shc: A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
11. Vidi: ViDi Visual Disassembler (experimental)
12. Process chameleon: A process overwriting its own PEB to make an illusion that it has been loaded from a different path.
17. Hollows hunter: Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
18. Demos: Demos of various injection techniques found in malware
20. Libpeconv: A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
25. Ida ifl: IFL - Interactive Functions List (plugin for IDA Pro)
28. petya key: A decoder for Petya victim keys, using the Janus' masterkey.
30. mal sort: Various scripts helpful in sorting collections of malware samples.
34. asm16 projects: My small projects written in 16 bit asm (NOTE: those are my practice projects that I wrote when I was 15, I give no warranty for this code!)
35. pin n sieve: An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
37. crypto utils: Set of my small utils related to cryptography, encoding, decoding etc
38. loaderine: A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.