From cd849cd1e2203f8343ef6682971580b4dc9d3051 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Wed, 21 Mar 2018 14:17:35 +0700 Subject: [PATCH] [Tools][Malware Analysis] hasherezade/pe-sieve --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index ccbde5d..d1635e0 100644 --- a/README.md +++ b/README.md @@ -1089,6 +1089,10 @@ My curated list of awesome links, resources and tools hasherezade/libpeconv/runpe RunPE (aka Process Hollowing) is a well known technique allowing to injecting a new PE into a remote processes, imprersonating this process. The given implementation works for PE 32bit as well as 64bit. + + hasherezade/pe-sieve + Scans a given process, searching for the modules containing in-memory code modifications. When found, it dumps the modified PE. + hegusung/AVSignSeek Tool written in python3 to determine where the AV signature is located in a binary/payload
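Review bot: the description added for hasherezade/pe-sieve in the README.md hunk at line 1089 is wordy and leaves "it" and "When found" without a clear referent. Something like "Scans a given process for modules containing in-memory code modifications and dumps each modified PE it finds." says the same thing in one sentence. The placement keeps the list in alphabetical order (after hasherezade/libpeconv/runpe, before hegusung/AVSignSeek), which is good. Since this area is being touched anyway, the neighbouring context entry for runpe still has "allowing to injecting" and "imprersonating", which could be corrected in a follow-up commit.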