jgajek/MalwareHunter
========================================================================
MalwareHunter
========================================================================
A malware detection tool for Windows operating systems.

Command-line options: mem, reg, all

    mem - Lists (untrusted) running processes

          Output fields:
              Process name
              Image path
              Image hash
              Image signer
              Certificate issuer
              Trusted/untrusted

    reg - Lists (untrusted) autorun registry entries

          Output fields:
              Registry key
              Entry name
              Image path
              Image hash
              Image signer
              Certificate issuer
              Trusted/untrusted

    all - List all processes/entries instead of untrusted ones only.
          Works in combination with one or more of the previous options.
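
Added example (not part of MalwareHunter or its source): a PowerShell function that reports the same fields as the 'mem' listing using built-in cmdlets, for comparison on a host where the tool is not available. The function name Get-ProcessTrustReport and its -All switch are assumptions for illustration; how MalwareHunter itself verifies signatures is not described in this README.

```powershell
# Added example: reproduces the 'mem' output fields with built-in cmdlets.
# Get-ProcessTrustReport and -All are hypothetical names, not the tool's interface.
function Get-ProcessTrustReport {
    param(
        [switch]$All   # like 'all': also list images with a valid signature
    )

    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $path = $_.ExecutablePath   # null for some system/protected processes

        $row = [ordered]@{
            ProcessName       = $_.Name
            ImagePath         = $path
            ImageHash         = ''
            ImageSigner       = ''
            CertificateIssuer = ''
            Trusted           = $false
        }

        # A missing or non-existent image keeps empty hash, signer and issuer
        # fields, the same behaviour the 0.0.0.6 changelog entry describes.
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            # MD5 matches the tool's hash field; treat it as a lookup key only.
            $row.ImageHash = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash

            $sig = Get-AuthenticodeSignature -LiteralPath $path
            if ($sig.SignerCertificate) {
                $row.ImageSigner       = $sig.SignerCertificate.Subject
                $row.CertificateIssuer = $sig.SignerCertificate.Issuer
            }
            # Only a signature that validates to a trusted root counts as trusted.
            $row.Trusted = ($sig.Status -eq 'Valid')
        }

        if ($All -or -not $row.Trusted) {
            [pscustomobject]$row
        }
    }
}

# Default: untrusted images only. Add -All for every process.
Get-ProcessTrustReport | Format-Table -AutoSize
```

Run it from an elevated session; without elevation some processes return no image path and appear as untrusted rows with empty fields.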

CHANGELOG

    0.0.0.6 (24 Mar 2015)
        - Hash output field now contains MD5 hash of image file
          instead of the catalog hash tag
        - Fixed output field initialization issue
        - Entries with non-existent image paths will now display
          empty hash, signer and issuer output fields

    0.0.0.5 (21 Mar 2015)
        - Added support for Windows XP
        - Suppressed listing of [System Process] and smss.exe

    0.0.0.4 (18 Mar 2015)
        - Added registry path to autoruns output fields
        - Changed command-line syntax from switches to mnemonics
          ('mem', 'reg', 'all')
        - Error messages are printed to console only when an
          unexpected error occurs

    0.0.0.3 (22 Feb 2015)
        - Added '-r' command-line switch to list executables loaded
          by common registry 'autorun' locations
        - Slight refactoring of code to prepare for new functionality

    0.0.0.2 (21 Feb 2015)
        - Added version resource file
        - Added '-a' command-line switch to list all running processes
          (instead of only untrusted ones)
        - Output now lists processes only, not modules within processes
        - Added name of signer and issuer to output fields

    0.0.0.1 (31 Jan 2015)
        - Initial release

/////////////////////////////////////////////////////////////////////////////
Author: Jacob Gajek <jgajek@gmail.com>
This code is in the public domain.
/////////////////////////////////////////////////////////////////////////////