reminder-detector 1.2.1

Creator: railscoder56


Description:


REMINDer
Detect packers on executable files using a simple entropy-based heuristic.

REMINDer (REsponse tool for Malware INDication) is a Python package implementing the approach of this paper, with a console script that detects whether an executable is packed using a simple entropy-based heuristic.
The lief library is used for binary parsing.
$ pip install reminder-detector

$ reminder --help
[...]
usage examples:
- reminder program.exe
- reminder /bin/ls --entropy-threshold 6.9

Detection Mechanism

Find the section containing the entry point (EP)
Check whether that section is writable
If yes, check whether its entropy is above a threshold (the threshold depends on the executable format)
If yes, the input executable is flagged as packed; otherwise, it is not
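The four steps above, carried through on a PE file as an added example (this is not reminder-detector's own code, which uses lief for parsing). The section-table parser here is a minimal stand-in that reads only the PE32/PE32+ headers the heuristic needs; the sample images are constructed in-line and are not runnable executables; the 6.9 default threshold is an assumption taken from the usage example above (the tool itself picks a threshold per executable format). The third constructed case goes slightly beyond the list: it shows that a high-entropy entry-point section which is not writable is reported as not packed, because the writability check comes first.

```python
"""Entropy-based packing heuristic for PE files (added example, not the project's code).

Parser is a minimal stand-in for lief (PE32/PE32+ section table only); sample
images are constructed and not executable; DEFAULT_THRESHOLD is an assumption.
"""
import hashlib
import math
import struct

IMAGE_SCN_MEM_WRITE = 0x80000000   # section Characteristics flag: writable
DEFAULT_THRESHOLD = 6.9            # assumed; the real tool chooses it per executable format


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_sections(image: bytes):
    """Return (AddressOfEntryPoint, sections), reading only the headers needed here."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    optional = coff + 20
    entry_rva = struct.unpack_from("<I", image, optional + 16)[0]  # same offset in PE32/PE32+
    sections, offset = [], optional + size_of_optional    # section table follows optional header
    for _ in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr, *_, chars = struct.unpack_from("<8sIIIIIIHHI", image, offset)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "writable": bool(chars & IMAGE_SCN_MEM_WRITE),
            "content": image[raw_ptr:raw_ptr + raw_size],
        })
        offset += 40                                      # IMAGE_SECTION_HEADER size
    return entry_rva, sections


def entry_point_section(entry_rva: int, sections: list):
    """Step 1: the section whose virtual range covers the entry point, or None."""
    for s in sections:
        extent = max(s["virtual_size"], len(s["content"]))
        if s["virtual_address"] <= entry_rva < s["virtual_address"] + extent:
            return s
    return None


def is_packed(image: bytes, threshold: float = DEFAULT_THRESHOLD) -> dict:
    """Steps 2-4: a writable EP section whose entropy exceeds the threshold => packed."""
    entry_rva, sections = parse_pe_sections(image)
    ep = entry_point_section(entry_rva, sections)
    if ep is None:
        return {"packed": False, "reason": "entry point outside every section"}
    if not ep["writable"]:
        return {"packed": False, "section": ep["name"], "reason": "EP section not writable"}
    entropy = shannon_entropy(ep["content"])
    return {"packed": entropy > threshold, "section": ep["name"],
            "entropy": round(entropy, 3), "reason": f"entropy compared with threshold {threshold}"}


def build_sample_pe(writable: bool, content: bytes) -> bytes:
    """Constructed (non-runnable) PE32 image with one section holding the entry point."""
    size_of_optional = 0xE0                               # PE32 optional header size
    headers_len = 0x40 + 4 + 20 + size_of_optional + 40   # DOS stub, PE sig, COFF, optional, 1 section
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew: PE signature right after the stub
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_of_optional, 0x0102)
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", optional, 16, 0x1000)          # AddressOfEntryPoint inside the section
    chars = 0x60000020 | (IMAGE_SCN_MEM_WRITE if writable else 0)   # code|execute|read[|write]
    section = struct.pack("<8sIIIIIIHHI", b".text", len(content), 0x1000,
                          len(content), headers_len, 0, 0, 0, 0, chars)
    return bytes(dos + b"PE\0\0" + coff + optional + section) + content


# Constructed section contents: about 7.9 bits/byte (packed-looking) vs exactly 4.0 bits/byte.
HIGH_ENTROPY = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
LOW_ENTROPY = bytes(range(16)) * 256

if __name__ == "__main__":
    for label, writable, content in [("writable+high", True, HIGH_ENTROPY),
                                     ("writable+low", True, LOW_ENTROPY),
                                     ("read-only+high", False, HIGH_ENTROPY)]:
        print(f"{label:15} -> {is_packed(build_sample_pe(writable, content))}")
```

Running the block prints one verdict per constructed case; only the writable, high-entropy section is flagged. Because the writability test gates the entropy test, a packer whose stub lives in a read-only section slips through this heuristic, which is why the output carries a `reason` field rather than a bare boolean.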

Related Projects
You may also like these:

Awesome Executable Packing: A curated list of awesome resources related to executable packing.
Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes (inspired by this paper).
Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
Dataset of packed PE files: Dataset of PE samples packed with many different packers (fork of this repository).
Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
DSFF: Library implementing the DataSet File Format (DSFF).
PEiD: Python implementation of the well-known Packed Executable iDentifier (PEiD).
PyPackerDetect: Packing detection tool for PE files (fork of this repository).

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.
