What's new in Hollows_Hunter 0.3.9
Feb 26, 2024
- FEATURE:
- Added new parameter /pattern <file>, which allows supplying custom signatures to be searched for in memory. The format is defined by SigFinder and described in the relevant README. If a pattern file is defined, a .tag file for the found patterns will be generated, with the extension .pattern.tag
New in Hollows_Hunter 0.3.8 (Nov 9, 2023)
- FEATURE:
- Supported new PE-sieve param: /obfusc
- Supported new options for PE-sieve /shellc param
New in Hollows_Hunter 0.3.6 (May 15, 2023)
- BUGFIX:
- Fixed quiet mode - enabled with the parameter /quiet
New in Hollows_Hunter 0.3.5 (Nov 6, 2022)
- FEATURE:
- Added version information to resources
- BUGFIX:
- Use GetTickCount instead of GetTickCount64 (backward compat.) - Issue #13
- Other small fixes
New in Hollows_Hunter 0.3.4 (Feb 11, 2022)
- Supported changes in the implementation of /mignore
- Supported new PE-sieve param: /threads, enabling a scan of the threads' callstack. This is another layer of shellcode detection, which makes it possible to capture "sleeping beacons", and others, decrypted just before the execution.
New in Hollows_Hunter 0.3.3 (Jan 24, 2022)
- BUGFIX:
- Fixed a typo in the JSON report (suspicious_count)
- FEATURE:
- Added optional caching: can be enabled with parameter /cache
- Set default output directory to hollows_hunter.dumps
- Added human-readable scan_date_time to the JSON report
- By default build statically with PE-sieve
New in Hollows_Hunter 0.3.2 (Dec 28, 2021)
- Added new modes of import reconstruction (/imp): R0-R2, from restrictive to aggressive
- Automatically turn on /refl mode if a scan of inaccessible data is requested (/data 4, /data 5)
New in Hollows_Hunter 0.3.1.3 (Sep 12, 2021)
- Updated PE-sieve (v0.3.1.3)
New in Hollows_Hunter 0.3.0 (Aug 11, 2021)
- FEATURE:
- Added an icon
- Added support for new PE-sieve modes (i.e. scanning inaccessible pages)
New in Hollows_Hunter 0.2.9.8 (Jun 27, 2021)
- FEATURE:
- Added the ability to exclude processes from the scan by their names: /pignore (Issue #10)
- Removed unused parameter: /mfilter
- Display names of all the processes - including the inaccessible ones
- If /ptimes is used without a value, assume 0 (meaning: scan all the processes created after HH started)
- REFACT:
- Refactored process enumeration
New in Hollows_Hunter 0.2.9.6 (May 9, 2021)
- Updated PE-sieve (v0.2.9.6)
New in Hollows_Hunter 0.2.9.5 (May 1, 2021)
- FEATURE:
- Added parameter /ptimes, which limits the scan to the processes created a defined number of seconds before HollowsHunter started.
- Improved parameters accessibility: grouped into more categories, sorted.
- Display hints for misspelled parameters
- Added parameter /jlvl, which regulates the level of detail included in the JSON report. Allows listing hooks/patches in the scan_report.
New in Hollows_Hunter 0.2.9 (Oct 17, 2020)
- Updated PE-sieve (v0.2.9)
New in Hollows_Hunter 0.2.8.6 (Jul 28, 2020)
- BUGFIX:
- Fixed error in scanning workingset of some applications
New in Hollows_Hunter 0.2.8.5 (Jul 21, 2020)
- Updated PE-sieve (v0.2.8.5)
- Including:
- Fixed broken detection of ASPack
- Various fixes improving accuracy of the scan
New in Hollows_Hunter 0.2.8.3 (Jul 16, 2020)
- Fixed PE-sieve hanging during the IAT scan of some PEs
- Added one more .NET policy (in the /dnet parameter)
New in Hollows_Hunter 0.2.8 (Jul 13, 2020)
- Updated PE-sieve (v0.2.8)
- FEATURE:
- Detailed info about a single parameter can be requested by: /<parameter> ?
- Support the new modes in the /data parameter
- Support the new parameter /dnet, which allows treating .NET modules differently from native ones
- New colors of the logo if run via PowerShell
- Alert if the scanner has different bitness than the OS
- Display if the scanned process is 32 bit when scanning on 64 bit OS
- Alert about partially scanned processes (64 bit scanned by the 32 bit scanner)
- BUGFIX:
- Fixed switching back to the original console color after printing in color
- REFACT:
- Refactored parsing of the parameters
- Internal refactoring and cleanup of the scanner
New in Hollows_Hunter 0.2.7.1 (Jun 17, 2020)
- FEATURE:
- Scan virtual caves
- BUGFIX:
- Fixed /mignore option (filtering out selected modules from the scan)
- Fixed wrong calculation of a patch size
New in Hollows_Hunter 0.2.7 (Jun 15, 2020)
- FEATURE:
- Support the /refl parameter of PE-sieve (which makes a process reflection before scanning)
- Allow compiling statically with PE-sieve
- BUGFIX:
- Fixed bug in scanning processes selected by name (sometimes the names of the processes could not be read)
New in Hollows_Hunter 0.2.6 (Apr 14, 2020)
- Updated PE-sieve (v0.2.6)
- FEATURE:
- Support for the new PE-sieve parameter: /iat (scanning IAT Hooking)
New in Hollows_Hunter 0.2.5 (Mar 9, 2020)
- FEATURE:
- Added /pid <pids_list> parameter, which allows scanning a list of processes defined by their PIDs
- Changes in the UI: removed redundant logs, added colors
- Show the name of the scanned process
- BUGFIX:
- Fixed parsing the list of processes (remove empty entries)
New in Hollows_Hunter 0.2.4 (Dec 30, 2019)
- FEATURE:
- Added /json parameter: print the summary in the form of a JSON report
- Changes in the /pname parameter: allows selecting multiple process names, i.e. /pname iexplore.exe;firefox.exe;chrome.exe
- BUGFIX:
- Fixed parsing of /uniqd parameter
New in Hollows_Hunter 0.2.2.7 (Oct 19, 2019)
- Support Linux-style parameter switch (i.e. -shellc as an equivalent of /shellc)
- Added parameter /minidmp (support for the new PE-sieve feature: creating MiniDumps of suspicious processes)
New in Hollows_Hunter 0.2.2.6 (Aug 16, 2019)
- Added parameter /suspend (to suspend processes detected as suspicious)
- Print information about bitness in the banner
New in Hollows_Hunter 0.2.2.5 (Jun 17, 2019)
- FEATURE:
- Added parameter /data (to scan non-executable memory if DEP is disabled)
New in Hollows_Hunter 0.2.1 (May 31, 2019)
- New parameter: /log, which enables appending a summary of each scan to a file (hollows_hunter.log)
- Added a JSON report from each scan: summary.json