v0.3.9

📖 README.md

Using: PE-sieve v0.3.9
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.9

FEATURE

• Added new parameter /pattern <file> allowing to supply custom signatures to be searched in memory. The format is defined by SigFinder and described in the relevant README. If pattern file was defined, a .tag file for the found patterns will be generated, with the extension .pattern.tag

v0.3.8.1

📖 README.md

Using: PE-sieve v0.3.8
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.8

BUGFIX

• Added parameter /obfusc into a group scan options

v0.3.8

📖 README.md

Updated PE-sieve (v0.3.8):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.8

FEATURE

• Supported new PE-sieve param: /obfusc
• Supported new options for PE-sieve /shellc param

v0.3.6

📖 README.md

Updated PE-sieve (v0.3.6):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.6

BUGFIX

• Fixed quiet mode - enabled with the parameter /quiet

v0.3.5

📖 README.md

Updated PE-sieve (v0.3.5):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.5

FEATURE

• Added version information to resources

BUGFIX

• Use GetTickCount instead of GetTickCount64 (backward compat.) - Issue #13
• Other small fixes

v0.3.4

📖 README.md

Updated PE-sieve (v0.3.4):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.4

FEATURE

• Supported changes in the implementation of /mignore
• Supported new PE-sieve param: /threads: enabling scan of the threads' callstack . This is another layer of shellcode detection, allowing to capture "sleeping beacons", and others, decrypted just before the execution.

v0.3.3

📖 README.md

Updated PE-sieve (v0.3.3):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.3

Changes specific to HollowsHunter:

BUGFIX

• Fixed a typo in the JSON report (suspicious_count)

FEATURE

• Added optional caching: can be enabled with parameter /cache
• Set default output directory to hollows_hunter.dumps
• Added human-readable scan_date_time to the JSON report
• By default build statically with PE-sieve

The builds with _dll suffix contains HollowsHunter linked dynamically with pe-sieve.dll (old mode), while others are linked statically with PE-sieve (new mode)

v0.3.2

📖 README.md

Updated PE-sieve (v0.3.2):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.2

FEATURE

• Added new modes of import reconstruction (/imp) : R0-R2 : from restrictive to aggressive
• Automatically turn on /refl mode if scan of inaccessible data requested ( /data 4, /data 5)

v0.3.1.3

📖 README.md

Updated PE-sieve (v0.3.1.3):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.1.3

v0.3.1

Updated PE-sieve (v0.3.1):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.1

Changes in HollowsHunter (in addition to the changes in PE-sieve):

• Changes in presenting application parameters. Refactored to use ParamKit library