<p align="center"><img src="https://github.com/packing-box/REMINDer/raw/main/docs/logo.png"></p> <h1 align="center">REMINDer</h1> <h3 align="center">Detect packers on executable files using a simple entropy-based heuristic.</h3>

REMINDer (REsponse tool for Malware INDication) is a Python package, based on this paper, that provides a console script to detect whether an executable is packed using a simple heuristic.

lief is used for binary parsing.

```sh
$ pip install reminder-detector
$ reminder --help
[...]
usage examples:
- reminder program.exe
- reminder /bin/ls --entropy-threshold 6.9
```

:bulb: Detection Mechanism

  1. Find the EP section
  2. Check whether it is writable
  3. If yes, check whether entropy is beyond a threshold (depending on the executable format)
  4. If yes, the input executable is packed; otherwise, it is not
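
The four steps above, worked through for the PE format as an added example (not REMINDer's own code). It reads the PE headers by hand with `struct` instead of using lief, and it assumes the entropy is the Shannon entropy of the entry-point section's raw bytes. The function names and the constructed sample image are hypothetical, and the 6.9 threshold is the value from the usage example above.

```python
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_WRITE = 0x80000000  # PE section characteristic bit: writable

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def ep_section(pe: bytes):
    """Step 1: return (name, writable, raw_bytes) of the section holding the entry point."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]                  # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)   # COFF file header
    ep = struct.unpack_from("<I", pe, nt + 24 + 16)[0]          # AddressOfEntryPoint
    for i in range(nsec):
        name, vsize, va, rsize, rptr, flags = struct.unpack_from(
            "<8sIIII12xI", pe, nt + 24 + opt_size + 40 * i)     # 40-byte section header
        if va <= ep < va + max(vsize, rsize):
            return (name.rstrip(b"\0").decode("ascii", "replace"),
                    bool(flags & IMAGE_SCN_MEM_WRITE), pe[rptr:rptr + rsize])
    return None  # entry point lies outside every section

def is_packed(pe: bytes, threshold: float) -> bool:
    """Steps 2-4: packed only if the EP section is writable AND its entropy exceeds threshold."""
    sec = ep_section(pe)
    return sec is not None and sec[1] and entropy(sec[2]) > threshold

def build_sample_pe(body: bytes, flags: int) -> bytes:
    """Constructed one-section PE32 image for the demo (headers only, not runnable)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H14xI", 0x10B, 0x1000).ljust(0xE0, b"\0")  # entry point RVA 0x1000
    sect = struct.pack("<8sIIII12xI", b".text", len(body), 0x1000, len(body), 0x200, flags)
    return (dos + coff + opt + sect).ljust(0x200, b"\0") + body

if __name__ == "__main__":
    noisy = bytes(range(256)) * 16   # constructed high-entropy body (8.0 bits/byte)
    plain = b"\x90" * 4096           # constructed low-entropy body (0.0 bits/byte)
    cases = [(noisy, 0xE0000020), (noisy, 0x60000020), (plain, 0xE0000020)]
    for body, flags in cases:        # 0xE0000020 = code|exec|read|write, 0x60000020 = no write
        print(hex(flags), round(entropy(body), 2), is_packed(build_sample_pe(body, flags), 6.9))
```

Only the first constructed case is flagged: high entropy alone (second case) or a writable entry-point section alone (third case) is not enough under this heuristic.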
