Awesome
<p align="center"><img src="https://github.com/packing-box/REMINDer/raw/main/docs/logo.png"></p> <h1 align="center">REMINDer <a href="https://twitter.com/intent/tweet?text=REMINDer%20-%20Packer%20detector%20using%20an%20entropy-based%20heuristic.%0D%0Ahttps%3a%2f%2fgithub%2ecom%2fpacking-box%2fREMINDer%0D%0A&hashtags=python,packer,packingdetection,entropy"><img src="https://img.shields.io/badge/Tweet--lightgrey?logo=twitter&style=social" alt="Tweet" height="20"/></a></h1> <h3 align="center">Detect packers on executable files using a simple entropy-based heuristic.</h3>
REMINDer (REsponse tool for Malware INDication) is an implementation based on this paper into a Python package with a console script to detect whether an executable is packed using a simple heuristic.
lief is used for binary parsing.
$ pip install reminder-detector
$ reminder --help
[...]
usage examples:
- reminder program.exe
- reminder /bin/ls --entropy-threshold 6.9
:bulb: Detection Mechanism
- Find the EP section
- Check whether it is writable
- If yes, check whether entropy is beyond a threshold (depending on the executable format)
- If yes, the input executable is packed ; otherwise, it is not
:star: Related Projects
You may also like these:
- Awesome Executable Packing: A curated list of awesome resources related to executable packing.
- Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes (inspired from this paper).
- Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
- Dataset of packed PE files: Dataset of PE samples packed with many different packers (fork of this repository).
- Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
- DSFF: Library implementing the DataSet File Format (DSFF).
- PEiD: Python implementation of the well-known Packed Executable iDentifier (PEiD).
- PyPackerDetect: Packing detection tool for PE files (fork of this repository).