Skip to main content

Implementation of the packing detection heuristic from the paper "Packed PE File Detection for Malware Forensics" of Han et al.

Project description

REMINDer Tweet

Detect packers on executable files using a simple entropy-based heuristic.

PyPi Python Versions Build Status License

REMINDer (REsponse tool for Malware INDication) is an implementation based on this paper into a Python package with a console script to detect whether an executable is packed using a simple heuristic.

lief is used for binary parsing.

$ pip install reminder-detector
$ reminder --help
usage examples:
- reminder program.exe
- reminder /bin/ls --entropy-threshold 6.9

Detection Mechanism

  1. Find the EP section
  2. Check whether it is writable
  3. If yes, check whether entropy is beyond a threshold (depending on the executable format)
  4. If yes, the input executable is packed ; otherwise, it is not

Related Projects

You may also like these:

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

reminder-detector-1.2.1.tar.gz (69.8 kB view hashes)

Uploaded Source

Built Distribution

reminder_detector-1.2.1-py3-none-any.whl (31.7 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page