PEpper
Qu1cksc0pe
PEpper | Qu1cksc0pe | |
---|---|---|
2 | 1 | |
302 | 1,122 | |
- | - | |
0.0 | 8.0 | |
12 months ago | 5 days ago | |
YARA | YARA | |
- | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PEpper
-
Identifying packers, crypters or protectors
As others have mentioned, looking at entropy is a good metric to generically determine whether or not a given sample is being packed / obfuscated in some way. Doing static analysis on the binary format itself (I'm assuming PE for Windows is the goal) is also useful, such as checking whether or not a section's raw size on disk is much smaller than the virtual size allocated in-memory for that section, which is a reliable indication of packing behavior. This project looks useful for introspecting such behaviors.
- blackeko/PEpper - An open source script to perform malware static analysis on Portable Executable
Qu1cksc0pe
What are some alternatives?
Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
MalwareDatabase - One of the few malware collection
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
MicroSCOPE - Static analysis tool that can identify potential ransomware on PE or ELF files based on heuristics
awesome-yara - A curated list of awesome YARA rules, tools, and people.
pepper - simple and opinionated modal code editor for your terminal
malware-ioc - Indicators of Compromises (IOC) of our various investigations
Dimorf - Dimorf is a ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OS´s
audit-node-modules-with-yara - Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_moudles
RAASNet - Open-Source Ransomware As A Service for Linux, MacOS and Windows [GET https://api.github.com/repos/leonv024/RAASNet: 403 - Repository access blocked]