PyPackerDetect icon indicating copy to clipboard operation
PyPackerDetect copied to clipboard

Published 20 hours ago verified publisher icon dhondta

Metadata

Packing detection tool for PE files

PyPackerDetect Tweet

Detect packers on PE files using heuristics and signatures.

PyPi Python Versions Known Vulnerabilities DOI License

A complete refactoring of this project to a Python package with a console script to detect whether an executable is packed.

pefile is used for PE parsing. peid is used as implementation of PEiD.

$ pip install pypackerdetect

$ pypackerdetect --help
[...]
usage examples:
- pypackerdetect program.exe
- pypackerdetect program.exe -b
- pypackerdetect program.exe --low-imports --unknown-sections
- pypackerdetect program.exe --imports-threshold 5 --bad-sections-threshold 5

:bulb: Detection Mechanisms

  • PEID signatures
  • Known packer section names
  • Entrypoint in non-standard section
  • Threshhold of non-standard sections reached
  • Low number of imports
  • Overlapping entrypoint sections

:star: Related Projects

You may also like these:

  • Awesome Executable Packing: A curated list of awesome resources related to executable packing.
  • Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes.
  • Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
  • Dataset of packed PE files: Dataset of PE samples packed with many different packers.
  • Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
  • PEiD: Python implementation of the Packed Executable iDentifier (PEiD).

:clap: Supporters

Stargazers repo roster for @packing-box/PyPackerDetect

Forkers repo roster for @packing-box/PyPackerDetect

Back to top

Metadata

7
Stars
1
Forks
Watchers

Owner

verified publisher icon dhondta

Metadata

Packing detection tool for PE files

Back