========================================================================
MalwareHunter
========================================================================
A malware detection tool for Windows operating systems.
Command-line options: mem, reg, all
mem - Lists (untrusted) running processes
Output fields:
Process name
Image path
Image hash
Image signer
Certificate issuer
Trusted/untrusted
reg - Lists (untrusted) autorun registry entries
Output fields:
Registry key
Entry name
Image path
Image hash
Image signer
Certificate issuer
Trusted/untrusted
all - List all processes/entries instead of untrusted ones only.
Works in combination with one or more of the previous options.
CHANGELOG
0.0.0.6 (24 Mar 2015)
- Hash output field now contains MD5 hash of image file
instead of the catalog hash tag
- Fixed output field initialization issue
- Entries with non-existent image paths will now display
empty hash, signer and issuer output fields
0.0.0.5 (21 Mar 2015)
- Added support for Windows XP
- Suppressed listing of [System Process] and smss.exe
0.0.0.4 (18 Mar 2015)
- Added registry path to autoruns output fields
- Changed command-line syntax from switches to mnemonics
('mem', 'reg', 'all')
- Error messages are printed to console only when an
unexpected error occurs
0.0.0.3 (22 Feb 2015)
- Added '-r' command-line switch to list executables loaded
by common registry 'autorun' locations
- Slight refactoring of code to prepare for new functionality
0.0.0.2 (21 Feb 2015)
- Added version resource file
- Added '-a' command-line switch to list all running processes
(instead of only untrusted ones)
- Output now lists processes only, not modules within processes
- Added name of signer and issuer to output fields
0.0.0.1 (31 Jan 2015)
- Initial release
/////////////////////////////////////////////////////////////////////////////
Author: Jacob Gajek <jgajek@gmail.com>
This code is in the public domain.
/////////////////////////////////////////////////////////////////////////////