266 downloads Updated: Sep 9th, 2018 BSD License   
4.0/5 1





  100% FREE   report malware

PE-sieve icon Scans running processes to detect in-memory code modifications, useful for spotting active malware infiltrated into your computer

To boost the security level of your computer and keep an eye out for malware agents attempting to infiltrate into your system, you can add PE-Sieve to your collection of portable software.

It's a tiny command-line tool capable of scanning active PE processes to detect in-memory code modifications, which could mean that unauthorized changes were made by third parties trying to lower your PC's defenses. It requires no installation and has two executable files available for x86 and x64 Windows, so make sure to get the one that matches your system's architecture type.

Scans  inline hooks and other in-memory code modifications

The syntax is "/pid <target-pid>", where you can specify the ID of the running process you want to scan. PE-Sieve begins to scan all files linked to the process and shows a summary of the results when it's done, such as total scanned, hooked, modified and suspicious items.

This report is also saved in a JSON file that gets automatically created in a subfolder placed in the same directory as PE-Sieve. The subfolder's name matches the PID, so you can easily tell reports apart after running multiple scans on different processes.

Looks for suspicious process-level activity that could indicate malware

Optional commands can be used for recovering imports (/imp, keeping in mind that it may slow down scans), filtering scanned modules by 32-bit (/mfilter 1) or 64-bit (/mfilter 2), and filtering the dumped output (/ofilter), among others.

The console program worked smoothly on Windows 10 in our tests, carrying out scanning operations quickly while remaining light on system resources consumption.

Taking everything into account, PE-Sieve can be really helpful in boosting the security level of your system by scanning currently running processes for possible malware changes. It's free and open-source, so you can take a look at its code and use it for your own projects if you're a software developer.

PE analyzer Process scanner Detect malware PE dumper Scanner Malware Antimalware

PE-sieve was reviewed by Elena Opris
  Click to load comments
This enables Disqus, Inc. to process some of your data. Disqus privacy policy


add to watchlist send us an update
  file size:
546 KB
  runs on:
Windows All
  main category:
  3 screenshots:
  visit homepage