======================================================================== MalwareHunter ======================================================================== A malware detection tool for Windows operating systems. Command-line options: mem, reg, all mem - Lists (untrusted) running processes Output fields: Process name Image path Image hash Image signer Certificate issuer Trusted/untrusted reg - Lists (untrusted) autorun registry entries Output fields: Registry key Entry name Image path Image hash Image signer Certificate issuer Trusted/untrusted all - List all processes/entries instead of untrusted ones only. Works in combination with one or more of the previous options. CHANGELOG 0.0.0.6 (24 Mar 2015) - Hash output field now contains MD5 hash of image file instead of the catalog hash tag - Fixed output field initialization issue - Entries with non-existent image paths will now display empty hash, signer and issuer output fields 0.0.0.5 (21 Mar 2015) - Added support for Windows XP - Suppressed listing of [System Process] and smss.exe 0.0.0.4 (18 Mar 2015) - Added registry path to autoruns output fields - Changed command-line syntax from switches to mnemonics ('mem', 'reg', 'all') - Error messages are printed to console only when an unexpected error occurs 0.0.0.3 (22 Feb 2015) - Added '-r' command-line switch to list executables loaded by common registry 'autorun' locations - Slight refactoring of code to prepare for new functionality 0.0.0.2 (21 Feb 2015) - Added version resource file - Added '-a' command-line switch to list all running processes (instead of only untrusted ones) - Output now lists processes only, not modules within processes - Added name of signer and issuer to output fields 0.0.0.1 (31 Jan 2015) - Initial release ///////////////////////////////////////////////////////////////////////////// Author: Jacob Gajek <jgajek@gmail.com> This code is in the public domain. /////////////////////////////////////////////////////////////////////////////