[Tools][Malware Analysis] hasherezade/pe-sieve

2024-06-27 06:02:09 +00:00 · 2018-03-21 14:17:35 +07:00 · 2018-03-21 14:17:35 +07:00 · cd849cd1e2
commit cd849cd1e2
parent 01aa8b9402
1 changed files with 4 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1089,6 +1089,10 @@ My curated list of awesome links, resources and tools
        <td><a href="https://github.com/hasherezade/libpeconv/tree/master/run_pe">hasherezade/libpeconv/runpe</a></td>
        <td>RunPE (aka Process Hollowing) is a well known technique allowing to injecting a new PE into a remote processes, imprersonating this process. The given implementation works for PE 32bit as well as 64bit.</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/hasherezade/pe-sieve">hasherezade/pe-sieve</a></td>
+        <td>Scans a given process, searching for the modules containing in-memory code modifications. When found, it dumps the modified PE.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/hegusung/AVSignSeek">hegusung/AVSignSeek</a></td>
        <td>Tool written in python3 to determine where the AV signature is located in a binary/payload</td>