Re-implementation and packaging of PyPackerDetect
Project description
PyPackerDetect 
Detect packers on PE files using heuristics and signatures.
A complete refactoring of this project to a Python package with a console script to detect whether an executable is packed.
pefile is used for PE parsing. peid is used as implementation of PEiD.
$ pip install pypackerdetect
$ pypackerdetect --help
[...]
usage examples:
- pypackerdetect program.exe
- pypackerdetect program.exe -b
- pypackerdetect program.exe --low-imports --unknown-sections
- pypackerdetect program.exe --imports-threshold 5 --bad-sections-threshold 5
Detection Mechanisms
- PEID signatures
- Known packer section names
- Entrypoint in non-standard section
- Threshhold of non-standard sections reached
- Low number of imports
- Overlapping entrypoint sections
Related Projects
You may also like these:
- Awesome Executable Packing: A curated list of awesome resources related to executable packing.
- Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes (inspired from this paper).
- Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
- Dataset of packed PE files: Dataset of PE samples packed with many different packers (fork of this repository).
- Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
- DSFF: Library implementing the DataSet File Format (DSFF).
- PEiD: Python implementation of the well-known Packed Executable iDentifier (PEiD).
- REMINDer: Packing detector using a simple heuristic (inspired from this paper).
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pypackerdetect-1.1.0.tar.gz
(347.6 kB
view hashes)
Built Distribution
pypackerdetect-1.1.0-py3-none-any.whl
(310.6 kB
view hashes)
Close
Hashes for pypackerdetect-1.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | dfc4783c768e80b4dc9e945ce3e3b5e11cef194d03bb22b04474e02103c7df92 |
|
MD5 | 4b8b84ea574e2ea2283c8af132d7bf47 |
|
BLAKE2b-256 | 5a871c08cc529df7a98f0500a47c98b54be63b33c45ab333bed4f23bb6da81b9 |