pypackerdetect 1.1.2

PyPackerDetect
Detect packers on PE files using heuristics and signatures.





A complete refactoring of this project to a Python package with a console script to detect whether an executable is packed.
pefile is used for PE parsing. peid is used as the implementation of PEiD.
$ pip install pypackerdetect

$ pypackerdetect --help
[...]
usage examples:
- pypackerdetect program.exe
- pypackerdetect program.exe -b
- pypackerdetect program.exe --low-imports --unknown-sections
- pypackerdetect program.exe --imports-threshold 5 --bad-sections-threshold 5

Detection Mechanisms

- PEiD signatures
- Known packer section names
- Entrypoint in non-standard section
- Threshold of non-standard sections reached
- Low number of imports
- Overlapping entrypoint sections
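
Three of the mechanisms listed above (known packer section names, entry point in a non-standard section, non-standard section threshold), as an added example that is not pypackerdetect's own code. It reads the PE headers with struct rather than pefile; the name lists, the default threshold of 2 and the header-only sample images are assumptions constructed for illustration.

```python
import struct

# Assumed sample lists for this example; not pypackerdetect's own data.
STANDARD = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata", ".edata", ".pdata", ".bss", ".tls"}
PACKER_NAMES = {"UPX0": "UPX", "UPX1": "UPX", ".aspack": "ASPack"}

def parse_sections(data):
    """Return (entry_point_rva, [(name, virtual_address, virtual_size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ magic")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    (entry,) = struct.unpack_from("<I", data, pe_off + 40)     # AddressOfEntryPoint
    table = pe_off + 24 + opt_size                             # section table offset
    sections = []
    for i in range(count):                                     # 40-byte section headers
        name, vsize, vaddr = struct.unpack_from("<8sII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize))
    return entry, sections

def detect(data, bad_sections_threshold=2):
    """Apply three section-based heuristics; return [(heuristic, detail), ...]."""
    entry, sections = parse_sections(data)
    hits = [("packer-section-name", f"{n} ({PACKER_NAMES[n]})")
            for n, _, _ in sections if n in PACKER_NAMES]
    for n, va, vs in sections:                                 # section holding the entry point
        if va <= entry < va + vs and n not in STANDARD:
            hits.append(("entry-point-section", n))
    bad = [n for n, _, _ in sections if n not in STANDARD]
    if len(bad) >= bad_sections_threshold:
        hits.append(("non-standard-sections", ", ".join(bad)))
    return hits

def build_sample(entry, sections):
    """Constructed header-only PE32 image (no code or data) for the demo."""
    opt = bytearray(224)
    struct.pack_into("<HxxIIII", opt, 0, 0x10B, 0, 0, 0, entry)
    out = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"
    out += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    out += bytes(opt)
    for name, vaddr, vsize in sections:
        out += struct.pack("<8sII", name.encode(), vsize, vaddr) + bytes(24)
    return out

PACKED = build_sample(0x9F00, [("UPX0", 0x1000, 0x8000), ("UPX1", 0x9000, 0x3000), (".rsrc", 0xC000, 0x1000)])
CLEAN = build_sample(0x1500, [(".text", 0x1000, 0x2000), (".rdata", 0x3000, 0x1000), (".data", 0x4000, 0x1000)])
```

Calling detect(PACKED) reports both UPX section names, the entry point inside UPX1 and the two non-standard sections, while detect(CLEAN) returns an empty list.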

Related Projects
You may also like these:

Awesome Executable Packing: A curated list of awesome resources related to executable packing.
Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes (inspired by this paper).
Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
Dataset of packed PE files: Dataset of PE samples packed with many different packers (fork of this repository).
Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
DSFF: Library implementing the DataSet File Format (DSFF).
PEiD: Python implementation of the well-known Packed Executable iDentifier (PEiD).
REMINDer: Packing detector using a simple heuristic (inspired by this paper).

License:

For personal and professional use. You cannot resell or redistribute these repositories in their original state.
