Releases · hasherezade/hollows_hunter

14 Dec 16:06

hasherezade

v0.4.0

f8fc467

v0.4.0 Latest

Latest

📖 README.md

Using: PE-sieve v0.4.0
https://github.com/hasherezade/pe-sieve/releases/tag/v0.4.0

FEATURE

Added new parameter: /etw (64-bit only) - allows to run HH as an ETW listener. The types of listened events can be enabled/disabled by editing HH_ETWProfile.ini
Improved caching. From now modules caching is enabled by default when run in continuous scan mode (/loop or /etw). Settings can be changed via parameter /cache.
Updated CLI to follow the changes in PE-sieve. Support new parameters: /rebase and /report.

BUGFIX

Fixed crashing at the end of scan (occurring in 32-bit HH)
Other small fixes and improvements

Assets 6

24 Feb 21:30

hasherezade

v0.3.9

7afc4a3

v0.3.9

📖 README.md

Using: PE-sieve v0.3.9
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.9

FEATURE

Added new parameter /pattern <file> allowing to supply custom signatures to be searched in memory. The format is defined by SigFinder and described in the relevant README. If pattern file was defined, a .tag file for the found patterns will be generated, with the extension .pattern.tag

Assets 8

10 Nov 22:41

hasherezade

v0.3.8.1

3a1d864

v0.3.8.1

📖 README.md

Using: PE-sieve v0.3.8
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.8

BUGFIX

Added parameter /obfusc into a group scan options

Assets 8

09 Nov 18:10

hasherezade

v0.3.8

7aa3e19

v0.3.8

📖 README.md

Updated PE-sieve (v0.3.8):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.8

FEATURE

Supported new PE-sieve param: /obfusc
Supported new options for PE-sieve /shellc param

Assets 8

14 May 22:48

hasherezade

v0.3.6

6ba9a61

v0.3.6

📖 README.md

Updated PE-sieve (v0.3.6):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.6

BUGFIX

Fixed quiet mode - enabled with the parameter /quiet

Assets 8

06 Nov 14:45

hasherezade

v0.3.5

35ac93c

v0.3.5

📖 README.md

Updated PE-sieve (v0.3.5):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.5

FEATURE

Added version information to resources

BUGFIX

Use GetTickCount instead of GetTickCount64 (backward compat.) - Issue #13
Other small fixes

Assets 8

10 Feb 22:58

hasherezade

v0.3.4

36c4fc0

v0.3.4

📖 README.md

Updated PE-sieve (v0.3.4):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.4

FEATURE

Supported changes in the implementation of /mignore
Supported new PE-sieve param: /threads: enabling scan of the threads' callstack . This is another layer of shellcode detection, allowing to capture "sleeping beacons", and others, decrypted just before the execution.

Assets 8

24 Jan 00:03

hasherezade

v0.3.3

c1d15fd

v0.3.3

📖 README.md

Updated PE-sieve (v0.3.3):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.3

Changes specific to HollowsHunter:

BUGFIX

Fixed a typo in the JSON report (suspicious_count)

FEATURE

Added optional caching: can be enabled with parameter /cache
Set default output directory to hollows_hunter.dumps
Added human-readable scan_date_time to the JSON report
By default build statically with PE-sieve

The builds with _dll suffix contains HollowsHunter linked dynamically with pe-sieve.dll (old mode), while others are linked statically with PE-sieve (new mode)

Assets 8

28 Dec 19:07

hasherezade

v0.3.2

2ae3565

v0.3.2

📖 README.md

Updated PE-sieve (v0.3.2):
https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.2

FEATURE

Added new modes of import reconstruction (/imp) : R0-R2 : from restrictive to aggressive
Automatically turn on /refl mode if scan of inaccessible data requested ( /data 4, /data 5)