 |
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Loading...
Searching...
No Matches
|
PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
|
Go to the source code of this file.
Classes | |
| class | pesieve::CodeMatcher |
| class | pesieve::ObfuscatedMatcher |
| class | pesieve::EncryptedMatcher |
| class | pesieve::TextMatcher |
Namespaces | |
| namespace | pesieve |
Macros | |
| #define | ENTROPY_DATA_TRESHOLD 3.0 |
| #define | ENTROPY_CODE_TRESHOLD ENTROPY_DATA_TRESHOLD |
| #define | ENTROPY_ENC_TRESHOLD 6.0 |
| #define | ENTROPY_STRONG_ENC_TRESHOLD 7.0 |
| #define | CHARSET_SIZE 0xFF |
Functions | |
| double | pesieve::getValRatio (IN const AreaMultiStats &stats, BYTE val) |
| size_t | pesieve::checkRatios (IN const AreaMultiStats &stats, IN std::map< BYTE, double > &ratios) |
| size_t | pesieve::countFoundStrings (IN const AreaMultiStats &stats, IN std::set< std::string > neededStrings, IN size_t minOccurrence) |
| #define CHARSET_SIZE 0xFF |
Definition at line 10 of file stats_analyzer.cpp.
| #define ENTROPY_CODE_TRESHOLD ENTROPY_DATA_TRESHOLD |
Definition at line 6 of file stats_analyzer.cpp.
| #define ENTROPY_DATA_TRESHOLD 3.0 |
Definition at line 5 of file stats_analyzer.cpp.
| #define ENTROPY_ENC_TRESHOLD 6.0 |
Definition at line 7 of file stats_analyzer.cpp.
| #define ENTROPY_STRONG_ENC_TRESHOLD 7.0 |
Definition at line 8 of file stats_analyzer.cpp.
1.10.0