<p align="center"><img src="https://github.com/packing-box/peid/raw/main/docs/logo.png"></p>
<h1 align="center">Packed Executable iDentifier</h1>
<h3 align="center">Detect packers on PE files using signatures.</h3>

This tool is a Python implementation of the Packed Executable iDentifier (PEiD) for signature-based packing detection on Windows PE files. It uses a combination of more than 5.500 signatures merged from the following sources:
$ pip install peid
The main tool checks the input executable against the embedded or user-defined signatures database.
$ peid --help
[...]
$ peid program.exe
[...]
$ peid program.exe --db custom_sigs_db.txt
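
The lookup described above, sketched as an added example (not peid's own code): it parses entries in the PEiD `userdb.txt` text layout, including `??` and single-nibble wildcards, and matches them against a buffer. The sample entries and bytes are constructed, and `ep_offset` (the entry point's file offset) is assumed to have been resolved beforehand by a PE parser.

```python
import re

HEX = "0123456789ABCDEF"

# Constructed entries in the PEiD userdb.txt layout; not real packer signatures.
SAMPLE_DB = """\
; constructed sample database
[Sample Packer A v1.0]
signature = 60 BE ?? ?? ?? ?? 8D BE
ep_only = true

[Sample Packer B]
signature = EB ?? 90 9? CC
ep_only = false
"""

def token_to_regex(tok):
    """Turn one signature token ('60', '??', '9?' or '?0') into a bytes regex."""
    if tok == "??":
        return b"."
    hi, lo = tok.upper()  # ValueError unless the token is exactly two characters
    values = [int(h + l, 16) for h in (HEX if hi == "?" else hi)
              for l in (HEX if lo == "?" else lo)]  # ValueError on non-hex input
    return b"[" + b"".join(re.escape(bytes([v])) for v in values) + b"]"

def parse_db(text):
    """Return (name, compiled_pattern, ep_only) for each entry with a signature."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            entries.append({"name": line[1:-1]})
        elif "=" in line and entries:
            key, value = (part.strip() for part in line.split("=", 1))
            entries[-1][key.lower()] = value
    return [(e["name"],
             re.compile(b"".join(map(token_to_regex, e["signature"].split())), re.DOTALL),
             e.get("ep_only", "true").lower() == "true")  # assumed default: true
            for e in entries if "signature" in e]

def identify(data, ep_offset, sigs):
    """Names of signatures matching at the entry point, or anywhere if not ep_only."""
    return [name for name, pattern, ep_only in sigs
            if (pattern.match(data, ep_offset) if ep_only else pattern.search(data))]

# Constructed buffer: 16 bytes of padding, then the bytes "at the entry point".
SAMPLE = bytes(16) + bytes.fromhex("60BE001040008DBE") + b"\x90" * 8
print(identify(SAMPLE, 16, parse_db(SAMPLE_DB)))
```
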
The second tool lets you inspect signatures.
$ peid-db --db path/to/userdb.txt --filter UPX
The third tool lets you create and integrate new signatures.
$ peid-sig *.exe --db path/to/userdb.txt --packer UPX --version v3.97 --author jsmith
:star: Related Projects
You may also like these:
- Awesome Executable Packing: A curated list of awesome resources related to executable packing.
- Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes (inspired by this paper).
- Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
- Dataset of packed PE files: Dataset of PE samples packed with many different packers (fork of this repository).
- Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
- DSFF: Library implementing the DataSet File Format (DSFF).
- PyPackerDetect: Packing detection tool for PE files (fork of this repository).
- REMINDer: Packing detector using a simple heuristic (inspired by this paper).