Identifying packers, crypters or protectors

This page summarizes the projects mentioned and recommended in the original post on

Our great sponsors
  • Appwrite - The Open Source Firebase alternative introduces iOS support
  • Scout APM - Less time debugging, more time building
  • SonarQube - Static code analysis for 29 languages.
  • Detect-It-Easy

    Program for determining types of files for Windows, Linux and MacOS.

    They use signatures. You can see the logic Detect-It-Easy uses to detect each tool by looking at the appropriate script

  • awesome-yara

    A curated list of awesome YARA rules, tools, and people.

    A signature-based approach with YARA can work to fingerprint the specific software used to obfuscate the malware. A lot of YARA rules for a variety of purposes can be found here, and it might be useful to aggregate ones you care about into your own little detection pipeline.

  • Appwrite

    Appwrite - The Open Source Firebase alternative introduces iOS support . Appwrite is an open source backend server that helps you build native iOS applications much faster with realtime APIs for authentication, databases, files storage, cloud functions and much more!

  • PEpper

    An open source script to perform malware static analysis on Portable Executable

    As others have mentioned, looking at entropy is a good metric to generically determine whether or not a given sample is being packed / obfuscated in some way. Doing static analysis on the binary format itself (I'm assuming PE for Windows is the goal) is also useful, such as checking whether or not a section's raw size on disk is much smaller than the virtual size allocated in-memory for that section, which is a reliable indication of packing behavior. This project looks useful for introspecting such behaviors.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts