Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks
☆71Aug 14, 2021Updated 4 years ago
Alternatives and similar repositories for RichPE
Users that are interested in RichPE are comparing it to the libraries listed below
Sorting:
- Simple tool to extract icons from a pe file and other useful information☆13Jun 22, 2018Updated 7 years ago
- Collection of ezine about virii☆17Sep 13, 2022Updated 3 years ago
- ☆23May 28, 2021Updated 4 years ago
- CLI tool to compute the TypeRefHash for .NET binaries.☆19Nov 10, 2021Updated 4 years ago
- An Interactive Pcap Editor (based on Scapy)☆23Oct 11, 2020Updated 5 years ago
- ☆22Dec 22, 2020Updated 5 years ago
- Extract GUIDs from .NET assemblies☆21Jun 15, 2016Updated 9 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆22Apr 13, 2018Updated 7 years ago
- Print compiler information stored in Rich Header of PE executables.☆148Feb 25, 2026Updated last week
- Alternative YARA scanning engine☆73Aug 23, 2022Updated 3 years ago
- Finding sensitive information in the trimmed parts of cropped images☆29Jan 5, 2022Updated 4 years ago
- Auxiliary scripts for Incident Response with ELK☆11Oct 7, 2015Updated 10 years ago
- C# Implementation of Jared Atkinson's Get-InjectedThread.ps1☆54Jul 11, 2021Updated 4 years ago
- Binary matching with Binary Ninja☆22Jul 8, 2024Updated last year
- ☆12May 8, 2020Updated 5 years ago
- Synapse Rapid Power-up for SinkDB☆11Jun 24, 2025Updated 8 months ago
- the longene tech-docs for translation, to-be used in wiki: http://www.longene.org/mediawiki/index.php/%E9%A6%96%E9%A1%B5☆13Jan 4, 2011Updated 15 years ago
- ProcessHollowing via csharp☆13Dec 21, 2021Updated 4 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆55Jul 8, 2022Updated 3 years ago
- A collection of scripts used to support an OffSecOps pipeline.☆15Jan 31, 2021Updated 5 years ago
- ☆13Jan 21, 2019Updated 7 years ago
- Scans a list of raccoon servers from Tria.ge and extracts the config☆15Jun 5, 2023Updated 2 years ago
- Data from analysis of the custom sample from the chapter "Practical Analysis and Test"☆12Aug 1, 2020Updated 5 years ago
- Fuzzy Hash calculated from import API of PE files☆90Aug 26, 2022Updated 3 years ago
- A collection of my yara rules☆34Jul 11, 2023Updated 2 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/☆12Jan 1, 2023Updated 3 years ago
- Splunk Technology-AddOn for Aurora Sigma-Based EDR Agent. It helps parse and configure the necessary inputs to neatly consume Aurora EDR …☆13Sep 27, 2022Updated 3 years ago
- Thanks to @d35ha☆13Aug 16, 2021Updated 4 years ago
- API hashing written in C to load APIs indirectly using CRC32 hashing☆15Jul 27, 2020Updated 5 years ago
- Script to pull newly-registered domains and check for similarity against a provided word list.☆13Aug 2, 2020Updated 5 years ago
- Knowing which rule should trigger according to the redcannary test☆11Nov 23, 2024Updated last year
- Test if an antivirus is installed via the resolution of the service virtual SID☆56Jan 24, 2020Updated 6 years ago
- RESTful API for Unipacker (https://github.com/unipacker/unipacker)☆15Mar 12, 2021Updated 4 years ago
- This is a simple tool to remove the "Rich" header from binaries (EXE or DLL files) created by M$ development tools.☆33Feb 3, 2021Updated 5 years ago
- Simple Process Hollowing in C#☆68Oct 23, 2017Updated 8 years ago
- ☆113Oct 10, 2022Updated 3 years ago
- very simple masm64 example to demonstrate how to compile MASM 64 bit using NMake/CMake☆14Aug 23, 2022Updated 3 years ago
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)☆16Sep 4, 2020Updated 5 years ago
- A proof-of-concept tool that attempts to retrieve the configuration from the memory dump of an F-Secure C3 Relay executable.☆17Jul 2, 2021Updated 4 years ago