Collection of tools for executable packing detection

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/Malware

  • bintropy

    Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes

    Bintropy: Entropy-based packing detection featuring multiple modes (whole binary, per section or segment). Based on the awesome LIEF library, therefore supports ELF, PE, Mach-O.

  • LIEF

    LIEF - Library to Instrument Executable Formats

  • peid

    Python implementation of the Packed Executable iDentifier (PEiD)

    PEiD (Python version): Yet another version of it (I found a few others, but always with an outdated userdb.txt), but with a userdb.txt merged from various repositories and an additional tool for making new signatures.

  • PyPackerDetect

    Packing detection tool for PE files

    PyPackerDetect (upgraded fork): Refactored version of the original that seems to be discontinued.

  • PyPackerDetect

    A malware dataset curation tool which helps identify packed samples. (by cylance)

  • docker-packing-box

    Docker image gathering packers and tools for making datasets of packed executables and training machine learning models for packing detection

    All these are automated/mechanized in a Docker image that allows you to do far more than just play with some packing detectors.
