hasherezade / pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://hshrzd.wordpress.com/pe-sieve/
BSD 2-Clause "Simplified" License
2.97k stars, 420 forks

Broken detection of ASProtect #66

hasherezade closed 3 years ago

hasherezade commented 3 years ago

Since the release > 0.2.3, detection of ASProtect got broken. Testcase:

The reason is that the code section is not set as executable (non_exe), and the scan is mistakenly omitted.

hasherezade commented 3 years ago

Fixed: aspack_fixed
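The failure mode reported in this issue, as an added example that is not pe-sieve's code and does not claim to show the fix applied in the project: a scanner that selects sections by the executable flag alone skips a section that holds the entry point but is not marked executable. The `Section` struct, the function names, the sample layout, and the tolerant selection criteria are all assumptions made for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Section flag values from the PE/COFF specification.
constexpr uint32_t IMAGE_SCN_CNT_CODE    = 0x00000020;
constexpr uint32_t IMAGE_SCN_MEM_EXECUTE = 0x20000000;
constexpr uint32_t IMAGE_SCN_MEM_READ    = 0x40000000;
constexpr uint32_t IMAGE_SCN_MEM_WRITE   = 0x80000000;

// Hypothetical minimal view of a section header (not pe-sieve's type).
struct Section { std::string name; uint32_t rva; uint32_t vsize; uint32_t flags; };

// Flag-only selection: scans a section only if it is marked executable.
std::vector<std::string> select_by_exec_flag(const std::vector<Section>& secs) {
    std::vector<std::string> out;
    for (const auto& s : secs)
        if (s.flags & IMAGE_SCN_MEM_EXECUTE) out.push_back(s.name);
    return out;
}

// Tolerant selection (assumed criteria): also scans a section that declares
// code or contains the entry point, even when the executable flag is absent.
std::vector<std::string> select_tolerant(const std::vector<Section>& secs, uint32_t ep_rva) {
    std::vector<std::string> out;
    for (const auto& s : secs) {
        bool exec   = (s.flags & IMAGE_SCN_MEM_EXECUTE) != 0;
        bool code   = (s.flags & IMAGE_SCN_CNT_CODE) != 0;
        bool has_ep = ep_rva >= s.rva && (ep_rva - s.rva) < s.vsize;
        if (exec || code || has_ep) out.push_back(s.name);
    }
    return out;
}

// Constructed sample layout: sec0 holds the entry point but is read/write only.
std::vector<Section> sample_sections() {
    return {
        {"sec0", 0x1000, 0x5000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE},
        {"sec1", 0x6000, 0x1000, IMAGE_SCN_MEM_READ},
        {"sec2", 0x7000, 0x2000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE},
    };
}

int main() {
    const uint32_t ep_rva = 0x1200;  // constructed entry point inside sec0
    for (const auto& n : select_by_exec_flag(sample_sections())) std::cout << "flag-only: " << n << "\n";
    for (const auto& n : select_tolerant(sample_sections(), ep_rva)) std::cout << "tolerant:  " << n << "\n";
    return 0;
}
```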