sigcheck & sigvalidator: sigcheck is a Volatility plugin that validates Authenticode-signed processes, whether they carry an embedded signature or are catalog-signed. sigvalidator is a Python module that verifies the signatures of PE files.
Source code (GNU/GPL v3 license).
More information in the paper.
malscan: Volatility plugin that detects malicious code using ClamAV.
Source code (GNU/AGPL v3 license).
More information in this post.
winesap: Volatility plugin to analyze the registry-based Windows ASEPs in a memory dump.
Source code (GNU/AGPL v3 license).
More information in the paper.
processfuzzyhash: Volatility plugin to calculate and compare fuzzy hashes of Windows processes.
Source code (GNU/AGPL v3 license).
More information in the paper.
pinVMShield: Pin-based tool to protect a sandbox application against common anti-virtual-machine and anti-sandbox detection techniques.
Source code (GNU/GPL v3 license).
More information in the paper.