
cylance / PyPackerDetect

License: AGPL-3.0
A malware dataset curation tool which helps identify packed samples.

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to PyPackerDetect

Runpe In Memory
Run an Exe File (PE Module) in memory (like an Application Loader)
Stars: ✭ 249 (+822.22%)
Mutual labels:  packer, malware
unprotect
Unprotect is a python tool for parsing PE malware and extracting evasion techniques.
Stars: ✭ 75 (+177.78%)
Mutual labels:  packer, malware
kiteshield
Packer/Protector for x86-64 ELF binaries on Linux
Stars: ✭ 71 (+162.96%)
Mutual labels:  packer, malware
ThreadBoat
Program Uses Thread Execution Hijacking To Inject Native Shell-code Into a Standard Win32 Application
Stars: ✭ 162 (+500%)
Mutual labels:  malware
xpeppers-discourse
Provisioning of @discourse
Stars: ✭ 22 (-18.52%)
Mutual labels:  packer
JavaRansomware
Simple Ransomware Tool in Pure Java
Stars: ✭ 99 (+266.67%)
Mutual labels:  malware
impfuzzy
Fuzzy Hash calculated from import API of PE files
Stars: ✭ 67 (+148.15%)
Mutual labels:  malware
madalynn-packer
Packer configuration for Ubuntu Server 18.04, 20.04 and 22.04 for Proxmox.
Stars: ✭ 48 (+77.78%)
Mutual labels:  packer
packer.py
use python to run hashicorp packer cli commands
Stars: ✭ 21 (-22.22%)
Mutual labels:  packer
Static-Malware-Analyses
An open source Python script to perform static analysis on a Malware Binary File (portable executable).
Stars: ✭ 15 (-44.44%)
Mutual labels:  malware
ubuntu-vagrant
Ubuntu Linux Vagrant Base Box (https://app.vagrantup.com/rgl)
Stars: ✭ 25 (-7.41%)
Mutual labels:  packer
hacking-resources
Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.
Stars: ✭ 1,386 (+5033.33%)
Mutual labels:  malware
go-malware
Golang Virus Examples
Stars: ✭ 67 (+148.15%)
Mutual labels:  malware
SwitHak.github.io
SwitHak's Security Place for my Opinions and Work
Stars: ✭ 30 (+11.11%)
Mutual labels:  malware
decrypticon
Java-layer Android Malware Simplifier
Stars: ✭ 17 (-37.04%)
Mutual labels:  malware
training-materials
No description or website provided.
Stars: ✭ 47 (+74.07%)
Mutual labels:  malware
antianalysis demos
Set of antianalysis techniques found in malware
Stars: ✭ 108 (+300%)
Mutual labels:  malware
docker-hands-on-guide
Hands on guide for docker, k8s cluster lightweight virtualization.
Stars: ✭ 25 (-7.41%)
Mutual labels:  packer
zookeeper-on-aws
zookeeper-on-aws (with dynamic reconfiguration based on r3.5.3-beta)
Stars: ✭ 15 (-44.44%)
Mutual labels:  packer
gocave
Finding code caves in ELF files with GoLang
Stars: ✭ 22 (-18.52%)
Mutual labels:  malware

PyPackerDetect

A small python script/library to detect whether an executable is packed.

This is one of many tools we use for dataset curation within the ARG team at Cylance. Accuracy is not perfect, but it is sufficient for what we need.

Tested and developed using Python 3.

pefile, found in ./deps/libpefile, is used for PE parsing.

PEiD signatures are also used. Two signature collections, compiled from multiple online sources, are found in ./deps/peid.

Several other heuristics are used for detection; these live in the *Detector.py files, with the base class in PackerDetector.py.

Usage

Example usage is in DetectPacker.py, which can be run from the command line.

Detection Mechanisms

  • PEID signatures
  • Known packer section names
  • Entrypoint in non-standard section
  • Threshold of non-standard sections reached
  • Low number of imports
  • Overlapping entrypoint sections
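
As an added illustration (not PyPackerDetect's own code), the following self-contained Python parses the section table of a PE image straight from its raw headers and applies four of the mechanisms listed above: known packer section names, entrypoint in a non-standard section, the non-standard-section threshold, and overlapping entrypoint sections. The section-name lists and the 0.5 threshold are assumptions for the example (the project's real lists live in its *Detector.py files); PEiD signature matching and import counting are omitted, and both PE images are constructed in memory rather than taken from real samples.

```python
"""Section-header heuristics for packer detection on PE files.

Constructed example, not PyPackerDetect's code. Implements four of the
README's mechanisms: known packer section names, entrypoint in a
non-standard section, non-standard section threshold, and overlapping
entrypoint sections. PEiD signatures and import counting are left out.
"""
import struct
from dataclasses import dataclass

# Assumed sample lists for this example; not the project's own tables.
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata",
                     ".rsrc", ".reloc", ".bss", ".tls", ".pdata", ".CRT"}
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata",
                         ".MPRESS1", ".MPRESS2", ".themida", ".vmp0",
                         ".vmp1", ".petite"}
NONSTANDARD_THRESHOLD = 0.5  # assumed: fraction of sections that are non-standard


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int

    def contains(self, rva: int) -> bool:
        return self.virtual_address <= rva < self.virtual_address + self.virtual_size


def build_pe(entry_rva: int, sections) -> bytes:
    """Assemble a minimal PE32 image (headers only) so the parser has input."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header at 64
    opt = bytearray(224)                              # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)             # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_rva)        # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", s.name.encode()[:8].ljust(8, b"\0"),
                    s.virtual_size, s.virtual_address, 0, 0, 0, 0, 0, 0, 0)
        for s in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


def parse_pe(data: bytes):
    """Return (entry_rva, [Section, ...]) read from the raw PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24                             # signature (4) + COFF header (20)
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        raw_name, vsize, va = struct.unpack_from("<8sII", data, sec_off + 40 * i)
        sections.append(Section(raw_name.rstrip(b"\0").decode("latin-1"), va, vsize))
    return entry_rva, sections


def packer_indicators(data: bytes):
    """Apply the section heuristics; return a list of human-readable reasons."""
    entry_rva, sections = parse_pe(data)
    reasons = []
    for s in sections:
        if s.name in KNOWN_PACKER_SECTIONS:
            reasons.append(f"known packer section name: {s.name}")
    # Every section whose virtual range covers the entrypoint.
    ep_sections = [s for s in sections if s.contains(entry_rva)]
    if len(ep_sections) > 1:
        reasons.append("entrypoint lies in overlapping sections: "
                       + ", ".join(s.name for s in ep_sections))
    if ep_sections and ep_sections[0].name not in STANDARD_SECTIONS:
        reasons.append(f"entrypoint in non-standard section: {ep_sections[0].name}")
    if sections:
        nonstd = sum(1 for s in sections if s.name not in STANDARD_SECTIONS)
        if nonstd / len(sections) >= NONSTANDARD_THRESHOLD:
            reasons.append(f"non-standard section ratio {nonstd}/{len(sections)}")
    return reasons


# Constructed samples: a conventional layout and a UPX-style layout.
CLEAN = build_pe(0x1100, [Section(".text", 0x1000, 0x2000),
                          Section(".data", 0x3000, 0x1000),
                          Section(".rsrc", 0x4000, 0x500)])
UPX_LIKE = build_pe(0x9030, [Section("UPX0", 0x1000, 0x8000),
                             Section("UPX1", 0x9000, 0x3000),
                             Section(".rsrc", 0xC000, 0x500)])

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("upx-like", UPX_LIKE)):
        print(label, packer_indicators(sample) or ["no indicators"])
```

The heuristics are deliberately independent of each other so that a curation pipeline can weigh them separately; a single "known packer section name" hit is strong evidence on its own, while the ratio threshold and the entrypoint-section check are weaker signals that also fire on unusual but legitimate linkers, which is the kind of imperfect accuracy the README describes.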

Resources

Big thanks to Hexacorn; a good portion of the known PE section names come from there.
