reminder-detector 1.2.1

Creator: railscoder56

Last updated:

0 purchases

reminder-detector 1.2.1 Image
reminder-detector 1.2.1 Images

Languages

Categories

Add to Cart

Description:

reminderdetector 1.2.1

REMINDer
Detect packers on executable files using a simple entropy-based heuristic.




REMINDer (REsponse tool for Malware INDication) is an implementation based on this paper into a Python package with a console script to detect whether an executable is packed using a simple heuristic.
lief is used for binary parsing.
$ pip install reminder-detector

$ reminder --help
[...]
usage examples:
- reminder program.exe
- reminder /bin/ls --entropy-threshold 6.9

Detection Mechanism

Find the EP section
Check whether it is writable
If yes, check whether entropy is beyond a threshold (depending on the executable format)
If yes, the input executable is packed ; otherwise, it is not

Related Projects
You may also like these:

Awesome Executable Packing: A curated list of awesome resources related to executable packing.
Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes (inspired from this paper).
Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
Dataset of packed PE files: Dataset of PE samples packed with many different packers (fork of this repository).
Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
DSFF: Library implementing the DataSet File Format (DSFF).
PEiD: Python implementation of the well-known Packed Executable iDentifier (PEiD).
PyPackerDetect: Packing detection tool for PE files (fork of this repository).

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.

Customer Reviews

There are no reviews.