Releases: hasherezade/hollows_hunter
v0.2.7.1
Updated PE-sieve (v0.2.7.1):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.7.1
with the following changes:
FEATURE
- Scan virtual caves
BUGFIX
- Fixed /mignore option (filtering out selected modules from the scan)
- Fixed wrong calculation of a patch size
The builds are available in two versions: with PE-sieve as a DLL (.zip), and with PE-sieve compiled statically (.exe)
v0.2.7
Updated PE-sieve (v0.2.7):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.7
FEATURE
- Support the /refl parameter of PE-sieve (makes a process reflection before scanning)
- Allow compiling statically with PE-sieve
BUGFIX
- Fixed bug in scanning processes selected by name (sometimes the names of the processes could not be read)
The builds are available in two versions: with PE-sieve as a DLL (.zip), and with PE-sieve compiled statically (.exe)
v0.2.6
Updated PE-sieve (v0.2.6):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.6
FEATURE
- Support for the new PE-sieve parameter: /iat (scanning for IAT hooking)
v0.2.5
Updated PE-sieve (v0.2.5):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.5
FEATURE
- Added /pid <pids_list> parameter: allows scanning a list of processes defined by their PIDs
- Changes in the UI: removed redundant logs, added colors
- Show the name of the scanned process
BUGFIX
- Fixed parsing the list of processes (remove empty entries)
v0.2.4
Updated PE-sieve (v0.2.4):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.4
FEATURE
- Added /json parameter: print the summary in the form of a JSON report
- Changes in the /pname parameter: allows selecting multiple process names, e.g. /pname iexplore.exe;firefox.exe;chrome.exe
BUGFIX
- Fixed parsing of /uniqd parameter
v0.2.2.7
Updated PE-sieve (v0.2.3):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.3
FEATURE
- Support Linux-style parameter switch (e.g. -shellc as an equivalent of /shellc)
- Added parameter /minidmp (support for the new PE-sieve feature: creating MiniDumps of suspicious processes)
v0.2.2.6
Updated PE-sieve (v0.2.2):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.2
FEATURE
- Added parameter /suspend (to suspend processes detected as suspicious)
- Print information about bitness in the banner
v0.2.2.5
Updated PE-sieve (v0.2.1):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.1
FEATURE
- Added parameter /data (to scan non-executable memory if DEP is disabled)
v0.2.2
Updated PE-sieve (v0.2.0):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.2
FEATURE
- Added build date to the banner
- Added option /default displaying information about the default settings
BUGFIX
- Do not start the scan if any of the given parameters is incorrect
v0.2.1
Updated PE-sieve (v0.1.8):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.1.8
FEATURE
- New parameter: /log (enables appending a summary of each scan to a file, hollows_hunter.log)
- Added a JSON report from each scan: summary.json