hasherezade/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://hshrzd.wordpress.com/pe-sieve/
BSD 2-Clause "Simplified" License
2.97k stars, 420 forks
issues
#62 Write scan_report in the base directory if /ofilter 1 (sydurand, closed, 4 years ago, 5 comments)
#61 Add possibility to create a LIB (sydurand, closed, 4 years ago, 3 comments)
#60 Add options for building a static library and linking statically (secDre4mer, closed, 4 years ago, 6 comments)
#59 Add support for compilation with MinGW (secDre4mer, closed, 4 years ago, 0 comments)
#58 Could not read the remote PE (bartblaze, closed, 4 years ago, 4 comments)
#57 Detect IAT patching (hasherezade, closed, 4 years ago, 1 comment)
#56 Offset of the original Import Table is replaced pointing to its part (hasherezade, closed, 4 years ago, 1 comment)
#55 We miss you on youtube... please come back. (pedroflor, closed, 4 years ago, 1 comment)
#54 Cmd line arg ignore modules (ladislav-zezula, closed, 4 years ago, 1 comment)
#53 Silence all output in quiet mode (Jack-McDowell, closed, 4 years ago, 1 comment)
#52 Silent mode still outputting information (Jack-McDowell, closed, 4 years ago, 0 comments)
#51 Path parsing mismatch resulting in false positive (Jack-McDowell, closed, 4 years ago, 8 comments)
#50 Failed to detect injection(OpenThread-> QueueUserAPC-> ResumeThread) by MSBuildAPICaller (duzvik, closed, 11 months ago, 5 comments)
#49 Hexadecimal PID as a valid parameter (Fmk0, closed, 4 years ago, 0 comments)
#48 Mishandling of an injected .NET PE (hodgav, closed, 4 years ago, 7 comments)
#47 Add detection for Module Overloading (hasherezade, closed, 4 years ago, 2 comments)
#46 Support applications packed by Crinkler (hasherezade, closed, 4 years ago, 1 comment)
#45 Bug: the module is detected, but not reconstructed or dumped (Kovter) (hasherezade, closed, 4 years ago, 0 comments)
#44 Bug: a PE embedded in a shellcode was not detected (KrugBot) (hasherezade, closed, 4 years ago, 1 comment)
#43 Minidump of a detected process (hasherezade, closed, 4 years ago, 1 comment)
#42 Broken XP compatibility (hasherezade, opened, 4 years ago, 9 comments)
#41 ntdll, user32dll (danielpe18, closed, 4 years ago, 1 comment)
#40 Linux-style parameter switch (hasherezade, closed, 4 years ago, 0 comments)
#39 Wrong section alignment in dumped HawkEye sample (hodgav, closed, 4 years ago, 1 comment)
#38 Redundant if statement (LuanDevecchi, closed, 5 years ago, 2 comments)
#37 Scan non-executable pages for shellcode if DEP disabled (hasherezade, closed, 5 years ago, 1 comment)
#36 Bug: not detecting sections that are set executable during execution (hasherezade, closed, 5 years ago, 1 comment)
#35 Imports rebuilding - another issue with another sample of Trickbot (hodgav, closed, 5 years ago, 3 comments)
#34 Reconstruct Import Table from the scratch (hasherezade, closed, 5 years ago, 0 comments)
#33 Failed reconstructing one of the Emotet's payloads (hasherezade, closed, 5 years ago, 1 comment)
#32 Failed reconstructing the payload (Ursnif) (hasherezade, closed, 5 years ago, 4 comments)
#31 Dumping the new trickbot module - import reconstruction does not seem to work (hodgav, closed, 5 years ago, 10 comments)
#30 [BUGFIX] Check workingset scanner flag (mauronz, closed, 5 years ago, 2 comments)
#29 Crash during scan (Qakbot) (hasherezade, closed, 5 years ago, 0 comments)
#28 Crash during scan (Ursnif) (hasherezade, closed, 5 years ago, 0 comments)
#27 Filter out the patch at GuardCFCheckFunctionPointer (hasherezade, closed, 5 years ago, 0 comments)
#26 False positives or something weird? (jfariasf, closed, 4 years ago, 2 comments)
#25 In artefacts scan: misaligned offsets of artefacts (hasherezade, closed, 5 years ago, 1 comment)
#24 Crash during scan (hasherezade, closed, 5 years ago, 0 comments)
#23 Identify the hook target (hasherezade, closed, 5 years ago, 2 comments)
#22 Do not generate tags for an unpacked section (hasherezade, closed, 5 years ago, 1 comment)
#21 Crash during scan (hasherezade, closed, 5 years ago, 0 comments)
#20 Update README.md (CerebralMischief, closed, 5 years ago, 0 comments)
#19 DLL injection detection (simakhan785, opened, 5 years ago, 15 comments)
#18 Huge amount of replaced processes (Sirbu, closed, 4 years ago, 3 comments)
#17 Remove an unnecessary null pointer check (elfring, closed, 5 years ago, 2 comments)
#16 Parsing win32 paths incorrectly (CookedMorsel, closed, 6 years ago, 2 comments)
#15 Detect a patch partially overlapping Import Address Table (hasherezade, closed, 2 years ago, 1 comment)
#14 Invalid resolving of recursively mapped paths (hasherezade, closed, 6 years ago, 0 comments)
#13 JSON Unescaped back slashes (Neo23x0, closed, 6 years ago, 3 comments)