https://github.com/hasherezade/hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
https://github.com/hasherezade/hollows_hunter

anti-malware malware-analysis malware-detection memory-forensics pe-sieve

Last synced: 1 day ago
JSON representation

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

• Host: GitHub
• URL: https://github.com/hasherezade/hollows_hunter
• Owner: hasherezade
• License: bsd-2-clause
• Created: 2018-01-11T17:07:17.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2024-11-06T01:03:44.000Z (about 1 month ago)
• Last Synced: 2024-12-05T05:04:27.549Z (8 days ago)
• Topics: anti-malware, malware-analysis, malware-detection, memory-forensics, pe-sieve
• Language: C
• Homepage: https://github.com/hasherezade/hollows_hunter/wiki
• Size: 14.1 MB
• Stars: 2,041
• Watchers: 66
• Forks: 256
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - hasherezade/hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). (C)
• awesome-lists - hollows hunter

README

        
# hollows_hunter

![](./logo/logo2_128.png)

[![Build status](https://ci.appveyor.com/api/projects/status/nsc2eux5986y1shq?svg=true)](https://ci.appveyor.com/project/hasherezade/hollows-hunter)

[![Codacy Badge](https://api.codacy.com/project/badge/Grade/0c149fcd62084f96ac0c131e4473dbdf)](https://app.codacy.com/gh/hasherezade/hollows_hunter/dashboard?branch=master)

[![Commit activity](https://img.shields.io/github/commit-activity/m/hasherezade/hollows_hunter)](https://github.com/hasherezade/hollows_hunter/commits)

[![Last Commit](https://img.shields.io/github/last-commit/hasherezade/hollows_hunter/master)](https://github.com/hasherezade/hollows_hunter/commits)

[![GitHub release](https://img.shields.io/github/release/hasherezade/hollows_hunter.svg)](https://github.com/hasherezade/hollows_hunter/releases)

[![GitHub release date](https://img.shields.io/github/release-date/hasherezade/hollows_hunter?color=blue)](https://github.com/hasherezade/hollows_hunter/releases)

[![Github All Releases](https://img.shields.io/github/downloads/hasherezade/hollows_hunter/total.svg)](https://github.com/hasherezade/hollows_hunter/releases)

[![Github Latest Release](https://img.shields.io/github/downloads/hasherezade/hollows_hunter/latest/total.svg)](https://github.com/hasherezade/hollows_hunter/releases)

[![License](https://img.shields.io/badge/License-BSD%202--Clause-blue.svg)](https://github.com/hasherezade/hollows_hunter/blob/master/LICENSE)

[![Platform Badge](https://img.shields.io/badge/Windows-0078D6?logo=windows)](https://github.com/hasherezade/hollows_hunter)

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

📦 Uses: [PE-sieve](https://github.com/hasherezade/pe-sieve.git) (the [library version](https://github.com/hasherezade/pe-sieve/wiki/2.-How-to-build)).

❓ [PE-sieve FAQ - Frequently Asked Questions](https://github.com/hasherezade/pe-sieve/wiki/1.-FAQ)

📖 [Read Wiki](https://github.com/hasherezade/hollows_hunter/wiki)

## Clone

Use recursive clone to get the repo together with all the submodules:

```console

git clone --recursive https://github.com/hasherezade/hollows_hunter.git

```

## Builds

Download the latest [release](https://github.com/hasherezade/hollows_hunter/releases), or [read more](https://github.com/hasherezade/hollows_hunter/wiki#download).

![](https://community.chocolatey.org/favicon.ico) Available also via [Chocolatey](https://community.chocolatey.org/packages/hollowshunter)