Implementation of the packing detection heuristic from the paper "Packed PE File Detection for Malware Forensics" of Han et al.
Project description
REMINDer 
Detect packers on executable files using a simple entropy-based heuristic.
REMINDer (REsponse tool for Malware INDication) is an implementation based on this paper into a Python package with a console script to detect whether an executable is packed using a simple heuristic.
lief is used for binary parsing.
$ pip install reminder-detector
$ reminder --help
[...]
usage examples:
- reminder program.exe
- reminder /bin/ls --entropy-threshold 6.9
Detection Mechanism
- Find the EP section
- Check whether it is writable
- If yes, check whether entropy is beyond a threshold (depending on the executable format)
- If yes, the input executable is packed ; otherwise, it is not
Related Projects
You may also like these:
- Awesome Executable Packing: A curated list of awesome resources related to executable packing.
- Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes (inspired from this paper).
- Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
- Dataset of packed PE files: Dataset of PE samples packed with many different packers (fork of this repository).
- Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
- DSFF: Library implementing the DataSet File Format (DSFF).
- PEiD: Python implementation of the well-known Packed Executable iDentifier (PEiD).
- PyPackerDetect: Packing detection tool for PE files (fork of this repository).
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
reminder_detector-1.2.2.tar.gz
(69.8 kB
view details)
Built Distribution
File details
Details for the file reminder_detector-1.2.2.tar.gz
.
File metadata
- Download URL: reminder_detector-1.2.2.tar.gz
- Upload date:
- Size: 69.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | a46de9903ae20942e8b4b24d2d196bca771811100b4e662d909e4648cc690c6b |
|
MD5 | 28ab33e788bb70838ad61f6bf2f4cc1b |
|
BLAKE2b-256 | 2bceebe18f0035567f985d8cdee7ac59fde08c4baac87e5526713399cd60b429 |
File details
Details for the file reminder_detector-1.2.2-py3-none-any.whl
.
File metadata
- Download URL: reminder_detector-1.2.2-py3-none-any.whl
- Upload date:
- Size: 31.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | a61e8accf9c0152cc737c0975de163a9011c3ce9aed2f4b0233bb1ea9697fe59 |
|
MD5 | 5c74a3c3c139ba90ad2a3b987912caee |
|
BLAKE2b-256 | 4699278a8641cf4ebd85fe27d531e391b6410c7b6df1fc02e33da73aad99c02d |