Scans running processes to detect in-memory code modifications, useful for spotting active malware on your computer.
To boost the security level of your computer and keep an eye out for malware agents attempting to infiltrate your system, you can add PE-Sieve to your collection of portable software.
It's a tiny command-line tool capable of scanning active processes to detect in-memory modifications to their PE (Portable Executable) code, which could mean that unauthorized changes were made by third parties trying to lower your PC's defenses. It requires no installation and has two executable files available for x86 and x64 Windows, so make sure to get the one that matches your system's architecture type.
The syntax is "/pid <target-pid>", where you specify the ID of the running process you want to scan. PE-Sieve scans all modules loaded by the process and shows a summary of the results when it's done, such as total scanned, hooked, modified and suspicious items.
This report is also saved in a JSON file that gets automatically created in a subfolder placed in the same directory as PE-Sieve. The subfolder's name matches the PID, so you can easily tell reports apart after running multiple scans on different processes.
Optional commands can be used for recovering imports (/imp, keeping in mind that it may slow down scans), filtering scanned modules by 32-bit (/mfilter 1) or 64-bit (/mfilter 2), and filtering the dumped output (/ofilter), among others.
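The per-PID JSON reports described above lend themselves to batch triage after several scans. The following is an added example, not code from PE-Sieve or from this page: it walks the report subfolders and lists the processes whose counters show modified modules. It assumes each subfolder name ends in the PID and that the report keeps its counters under "scanned" and "modified"; the sample reports and the key names in them are constructed, so check them against a real report from your PE-Sieve version.

```python
import json
import re
import sys
import tempfile
from pathlib import Path

# Constructed sample reports (not real scan output), keyed by subfolder name.
# The "scanned" -> "modified" counter layout is an assumed report schema.
SAMPLE = {
    "process_4321": {"scanned": {"total": 40, "modified":
                                 {"total": 2, "patched": 1, "implanted_shc": 1}}},
    "process_812": {"scanned": {"total": 25, "modified": {"total": 0}}},
}


def triage(base_dir):
    """Return processes whose reports show modified modules, worst first."""
    findings = []
    for path in sorted(Path(base_dir).glob("*/*.json")):
        m = re.search(r"(\d+)$", path.parent.name)  # "4321" or "process_4321"
        try:
            report = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or truncated report: skip it
        scanned = report.get("scanned") if isinstance(report, dict) else None
        modified = scanned.get("modified") if isinstance(scanned, dict) else None
        if not (m and isinstance(modified, dict)):
            continue  # not a per-PID folder, or a JSON file without counters
        kinds = {k: v for k, v in modified.items()
                 if k != "total" and isinstance(v, int) and v > 0}
        total = modified.get("total", sum(kinds.values()))
        if total:
            findings.append({"pid": int(m.group(1)), "scanned": scanned.get("total"),
                             "modified": total, "kinds": kinds})
    return sorted(findings, key=lambda f: f["modified"], reverse=True)


def write_sample(base_dir):
    """Write the constructed SAMPLE reports into per-PID subfolders."""
    for name, report in SAMPLE.items():
        folder = Path(base_dir) / name
        folder.mkdir(parents=True, exist_ok=True)
        (folder / "report.json").write_text(json.dumps(report), encoding="utf-8")
    return base_dir


if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else write_sample(tempfile.mkdtemp())
    for f in triage(base):
        print(f"PID {f['pid']}: {f['modified']} modified of {f['scanned']} scanned, {f['kinds']}")
```

Pass the directory that holds the report subfolders as the first argument; with no argument the script runs on the constructed sample.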
The console program worked smoothly on Windows 10 in our tests, carrying out scanning operations quickly while remaining light on system resource consumption.
Taking everything into account, PE-Sieve can be really helpful in boosting the security level of your system by scanning currently running processes for possible malware changes. It's free and open-source, so you can take a look at its code and use it for your own projects if you're a software developer.
What's new in PE-sieve 0.3.9:
- REFACT: Refactored to use a new pattern matching engine (SigFinder) for shellcode detection. Improved performance.
PE-sieve 0.3.9
- price: Free
- runs on: Windows All
- file size: 764 KB
- filename: pe-sieve32.exe
- main category: Security