Hollows_Hunter

With new malware being developed every day, it doesn't come as a surprise that it can take multiple forms and make its way even to advanced users' computers. This is why keeping an eye out for suspicious processing or those running in the background and eating a lot of the PC's resources cannot be stressed enough.

Hollows_Hunter is a tiny tool designed to help you scan the running processes and identify anything suspicious or out of the ordinary, such as in memory modifications or unauthorized changes.

The program can be run standard or in command line, but it is mandatory that you use an Administrator Account. Since the idea behind the tool is to scan running processes, both visible and hidden, it means it needs to access various folders that can only be accessed with Admin rights.

As previously mentioned, the idea here is to help you recognize and manage various suspicious implants, including but not limited to hooks, in-memory patches, shellcodes or replaced as well as implanted PEs. For this purpose, it relies on PE-Sieve, a tool designed to help you scab active PE processes to detect in-memory code modifications.

It is worth mentioning that the app can be run with parameters that allow you to scan for a particular process or a directory. Moreover, you can scan continuously, in case you are trying to test a potentially malicious code.

At the same time, the program can enable the recovery imports or the dump mode, in which the PE files are essentially dumped. It goes without saying that you can kill the processes detected as suspicious and determine whether they pop up again when running a particular app, for instance.

Hollows_Hunter is a tool that addresses advanced users and that provides them with a specialized tool capable of detecting an impressive array of potentially malicious implants.