Re-implementation and packaging of PyPackerDetect

packing, packed-executable, packing-detection, pe, binary-analysis, detector, entrypoint, executable-packing, malware-analysis, malware-packers, malware-research, pe-file, pe-files, pe-format, pe-sections, peid, peid-signature, python, research-tools, signature-detection
pip install pypackerdetect==1.1.0


PyPackerDetect Tweet

Detect packers on PE files using heuristics and signatures.

PyPi Python Versions Build Status DOI License

A complete refactoring of this project to a Python package with a console script to detect whether an executable is packed.

pefile is used for PE parsing. peid is used as implementation of PEiD.

$ pip install pypackerdetect
$ pypackerdetect --help
usage examples:
- pypackerdetect program.exe
- pypackerdetect program.exe -b
- pypackerdetect program.exe --low-imports --unknown-sections
- pypackerdetect program.exe --imports-threshold 5 --bad-sections-threshold 5

💡 Detection Mechanisms

  • PEID signatures
  • Known packer section names
  • Entrypoint in non-standard section
  • Threshhold of non-standard sections reached
  • Low number of imports
  • Overlapping entrypoint sections

Related Projects

You may also like these:

👏 Supporters

Stargazers repo roster for @packing-box/PyPackerDetect

Forkers repo roster for @packing-box/PyPackerDetect

Back to top