PE-sieve - Recognizes and Dumps a Variety of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)


PE-sieve is a lightweight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. It recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

Clone:
Use recursive clone to get the repo together with the submodule:
git clone --recursive https://github.com/hasherezade/pe-sieve.git

Latest builds*:
*those builds are available for testing and they may be ahead of the official release: