
Implementation of the packing detection heuristic from the paper "Packed PE File Detection for Malware Forensics" of Han et al.

Project description

REMINDer

Detect packers on executable files using a simple entropy-based heuristic.


REMINDer (REsponse tool for Malware INDication) implements the heuristic from this paper as a Python package with a console script that detects whether an executable is packed.

lief is used for binary parsing.

$ pip install reminder-detector
$ reminder --help
[...]
usage examples:
- reminder program.exe
- reminder /bin/ls --entropy-threshold 6.9

Detection Mechanism

  1. Find the section that contains the entry point (EP)
  2. Check whether that section is writable
  3. If yes, check whether its entropy is beyond a threshold (which depends on the executable format)
  4. If yes, the input executable is reported as packed; otherwise, it is not
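The four steps above, written out as an added example that is not REMINDer's own code: sections are modelled with a small constructed `Section` record instead of lief objects, the default threshold 6.9 is taken from the usage example above (an assumption, not the package's per-format defaults), and the sample section contents are constructed.

```python
import math
import random
from collections import Counter
from dataclasses import dataclass


@dataclass
class Section:
    """Minimal stand-in for a parsed section (constructed for this example)."""
    name: str
    virtual_address: int   # RVA where the section is mapped
    size: int              # virtual size in bytes
    writable: bool         # e.g. IMAGE_SCN_MEM_WRITE on PE, PF_W on ELF
    content: bytes         # raw section bytes


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entry_point_section(sections, entry_point):
    """Step 1: the section whose RVA range contains the entry point, or None."""
    for s in sections:
        if s.virtual_address <= entry_point < s.virtual_address + s.size:
            return s
    return None


def is_packed(sections, entry_point, threshold=6.9):
    """Steps 2-4: writable EP section with entropy above the threshold => packed."""
    ep = entry_point_section(sections, entry_point)
    if ep is None:
        raise ValueError("entry point lies outside every section")
    if not ep.writable:
        return False                     # step 2 fails: not packed
    return shannon_entropy(ep.content) > threshold   # step 3 decides


def demo_verdicts():
    """Three constructed binaries: clean, writable-but-low-entropy, packed-looking."""
    rng = random.Random(1234)
    code = bytes([0x55, 0x48, 0x89, 0xE5, 0xC3]) * 800   # repetitive stub, ~2.3 bits/byte
    blob = rng.randbytes(4096)                           # compressed-looking, ~7.9 bits/byte
    data = Section(".data", 0x2000, 0x1000, True, b"\x00" * 4096)
    cases = {
        "plain":       [Section(".text", 0x1000, 0x1000, False, code), data],
        "rw_lowent":   [Section(".text", 0x1000, 0x1000, True, code), data],
        "rw_highent":  [Section("UPX1", 0x1000, 0x1000, True, blob), data],
    }
    return {name: is_packed(secs, 0x1010) for name, secs in cases.items()}
```

Only the third case trips the heuristic; a writable entry section alone (second case) is not enough, which is why step 3 exists.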

Related Projects

You may also like these:

Download files

Source Distribution

reminder_detector-1.2.2.tar.gz (69.8 kB, Source)

Built Distribution

reminder_detector-1.2.2-py3-none-any.whl (31.7 kB, Python 3)

File details

Details for the file reminder_detector-1.2.2.tar.gz.

File metadata

  • Download URL: reminder_detector-1.2.2.tar.gz
  • Size: 69.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for reminder_detector-1.2.2.tar.gz
Algorithm Hash digest
SHA256 a46de9903ae20942e8b4b24d2d196bca771811100b4e662d909e4648cc690c6b
MD5 28ab33e788bb70838ad61f6bf2f4cc1b
BLAKE2b-256 2bceebe18f0035567f985d8cdee7ac59fde08c4baac87e5526713399cd60b429

File details

Details for the file reminder_detector-1.2.2-py3-none-any.whl.

File hashes

Hashes for reminder_detector-1.2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 a61e8accf9c0152cc737c0975de163a9011c3ce9aed2f4b0233bb1ea9697fe59
MD5 5c74a3c3c139ba90ad2a3b987912caee
BLAKE2b-256 4699278a8641cf4ebd85fe27d531e391b6410c7b6df1fc02e33da73aad99c02d
