Skip to content

v0.3.9

Latest
Latest
Compare
Choose a tag to compare
@hasherezade hasherezade released this 24 Feb 21:25
· 76 commits to master since this release
v0.3.9
3f696a8

REFACT

  • Refactored to use a new pattern matching engine (SigFinder) for shellcode detection. Improved performance.

FEATURE

  • Added new parameter /pattern <file> allowing to supply custom signatures to be searched in memory. The format is defined by SigFinder and described in the relevant README. If pattern file was defined, a .tag file for the found patterns will be generated, with the extension .pattern.tag
  • New fields in the scan_report.json:
    • Save the PE-sieve version with which the scan was performed (scanner_version)
    • In workingset_scan section: added patterns section with information about found patterns:
      • total_matched (count of all patterns matched, including the hardcoded ones)
      • custom_matched (count of patterns matched from the set defined by the user in pattern file)
  • New fields in the dump_report.json:
    • If pattern.tag file was generated, the name of this file will be added in the pattern_tags_file field of the relevant module.

See also: HollowsHunter v0.3.9 & MalUnpack v0.9.9 with the latest PE-sieve

ps039

Assets 8
Loading