v0.3.6

@hasherezade hasherezade released this 14 May 22:45
· 170 commits to master since this release

FEATURE

  • improved integration with other languages (Python, Golang: #112), improvements in the API
  • in ThreadScan: calculate the entropy of the detected area:
    • decreased number of false positives (filtering by entropy)
    • added a new section to the ThreadScanReport: stats
  • in dump report: set "is_shellcode" : 1 only if the code pattern was matched (to distinguish cases where, e.g., the shellcode was encrypted and detected by thread scan)

BUGFIX

  • fixed a bug in libPEconv (buffer boundary check: cabdd46)
  • fixed crash if the output filter was set (#113 - missing check if the dump report was generated)
  • fixed backward compatibility with Windows XP (#42)
  • decreased number of false positives when searching for PE files in non-executable memory

REFACT

  • faster search for code signatures: skip padding from the scan

See also: HollowsHunter v0.3.6 & MalUnpack v0.9.7 with the latest PE-sieve