awesome-executable-packing's Introduction

Awesome Executable Packing

A curated list of resources related to executable packing (including Portable Executable, Executable and Linkable Format and others). Contains books, papers, blog posts, and other written resources but also packers and tools for detecting and unpacking executables.

📚 Bibliography

📑 Datasets

  • Ember - Collection of features from PE files that serve as a benchmark dataset for researchers.
  • Malfease - Dataset of about 5,000 packed malware samples.
  • MalShare - Free Malware repository providing researchers access to samples, malicious feeds, and Yara results.
  • MalwareGallery - Yet another malware collection on the Internet.
  • OARC - Semi-public dataset of 3,467 samples captured in the wild from Sep 2005 to Jan 2006 by mail traps, user submissions, honeypots and other sources aggregated by the OARC, available to qualified academic and industry researchers upon request.
  • Open Malware - Online collection of malware samples.
  • PackingData - Original dataset with sample PE files packed with a large variety of packers, including ASPack, BeRoEXEPacker, exe32pack, eXpressor, FSG, JDPack, MEW, Molebox, MPRESS, Neolite, NSPack, Pckman, PECompact, PEtite, RLPack, UPX, WinUpack, Yoda's Crypter and Yoda's Protector.
  • PackingData (sanitized) - Sanitized version of the original dataset, removing packed samples from the Notpacked folder as well as samples in packer folders that failed to be packed (having the same hash as the original unpacked executable).
  • Packware - Datasets and codes that are needed to reproduce the experiments in the paper "When Malware is Packin' Heat".
  • Runtime Packers Testset - Dataset of 10 common Malware files, packed with about 40 different runtime packers in over 500 versions and options, with a total of about 5,000 samples.
  • SOREL - Sophos-ReversingLabs 20 Million dataset.
  • theZoo - Project created to make the possibility of malware analysis open and available to the public.
  • VirusShare - Online virus database with more than 44 million samples.
  • VX Heaven - Site dedicated to providing information about computer viruses to anyone who is interested in this topic.
  • WildList - Cooperative listing of malware reported as being in the wild by security professionals.

📦 Packers

  • 20to4 - Executable compressor that is able to stuff about 20k of finest code and data into less than 4k.
  • 32Lite - Compression tool for executable files created with Watcom C/C++ compiler.
  • 624 - COM packer that can compress COM programs shorter than 25000 bytes.
  • ACProtect - Application that protects Windows executable files against piracy, using RSA to create and verify the registration keys and unlock code.
  • AHPack - PE and PE+ file packer.
  • AinEXE - DOS executable packer.
  • Alienyze - Advanced software protection and security for Windows 32-bit executables.
  • Alternate EXE Packer - Compression tool for executable files (type EXE) or DLL's relying on UPX 3.
  • Amber - Position-independent (reflective) PE loader that enables in-memory execution of native PE files (EXE, DLL, SYS.
  • Andromeda - Custom packer used in malware campaigns using RunPE techniques for evading AV mitigation methods.
  • aPack
  • APKProtect
  • Application Protector
  • Armadillo
  • ASPack
  • ASProtect 32
  • ASProtect 64
  • AT4RE Protector
  • AutoIT - Legitimate executable encryption service.
  • AverCryptor
  • AVPack
  • AXE
  • AxProtector
  • BangCle
  • Beria
  • Bero - Bero EXE Packer (BEP).
  • BIN-crypter - EXE protection software against crackers and decompilers.
  • BJFNT
  • BoxedApp Packer
  • Bundle EXE
  • BurnEye - Burneye ELF encryption program, x86-linux binary.
  • CauseWay Compressor
  • CEXE
  • Code Virtualizer - Powerful code obfuscation system for Windows, Linux and macOS applications that helps developers to protect their sensitive code areas against Reverse Engineering with very strong obfuscation code based on code virtualization.
  • ComPAck
  • ConfuserEx - An open-source, free protector for.
  • Crinkler
  • Cryptic
  • DalKrypt
  • DarkCrypt
  • DEPack
  • DexGuard
  • DexProtector
  • Diet
  • DotBundle
  • DotNetZ
  • DotProtect
  • DragonArmor
  • DXPack
  • ELFuck - ELF packer for i386 original version from sk2 by sd.
  • Enigma
  • Enigma Protector
  • Enigma Virtual Box
  • EP Protector
  • EPack
  • EPPort
  • Eronona-Packer - Packer for exe under win32.
  • Excalibur
  • EXE Bundle
  • EXE Guarder
  • EXE Stealth
  • EXE Wrapper
  • Exe32Pack
  • EXECrypt
  • EXECryptor
  • EXEPack.NET
  • eXPressor - EXE file compression tool.
  • Ezip
  • Ezuri - Simple Linux ELF Runtime Crypter.
  • FSG - Fast Small Good, perfect compressor for small EXE's.
  • GzExe - Executable compression tool.
  • HASP Envelope
  • HidePE
  • HmimysPack
  • hXOR-Packer
  • Ijiami
  • JDPack
  • JDProtect
  • Kbys
  • Kkrunchy - Small exe packer primarily meant for 64k intros.
  • Krypton
  • LameCrypt
  • LGLZ
  • LIAPP
  • LM-X License Manager - LM-X License Manager lets you protect your products against piracy by enforcing various levels of security, save time, and reduce business risks.
  • LxLite
  • LzExe
  • m0dern_p4cker - Just a modern packer for ELF binaries (works on Linux executables only).
  • MaskPE
  • Megalite
  • MEW
  • MidgetPack - Midgetpack is a binary packer for ELF binaries, such as burneye, upx or other tools.
  • MKFPack
  • MoleBox
  • Morphine
  • mPack - mario PACKer, simple Win32 PE executable compressor.
  • MPRESS
  • MSLRH
  • Mucki
  • Muncho - macOS executable packer.
  • NakedPacker
  • NCPH
  • NeLite
  • Neolite
  • NetCrypt - A proof-of-concept packer for.
  • NPack
  • NSAnti (Anti007) - PE (32-bits) packer.
  • NSPack - 32/64-bits exe, dll, ocx, scr Windows program compressor.
  • NTPacker - PE file packer relying on aPlib for compression and/or XOR for encryption.
  • Obsidium - Feature-rich professional software protection and licensing system designed as a cost effective and easy to implement, yet reliable and non-invasive way to protect your 32- and 64-bit Windows software applications and games from reverse engineering.
  • ORiEN
  • Origami - Packer compressing.
  • PACK
  • Pack Master
  • PackItBitch
  • PackMan
  • Pakkero - Binary packer written in Go made for fun and educational purpose.
  • PangXie
  • Papaw
  • PC-Guard
  • PCShrinker
  • PE Cryptor
  • PE-Armor
  • PE-Packer - Simple packer for Windows 32-bits PE files.
  • PE-Protector
  • PE-Toy - A PE file packer.
  • PEBundle
  • PECompact
  • PEDiminisher
  • PELock
  • PEncrypt
  • PENinja
  • PEPack
  • PePacker - Simple PE Packer Which Encrypts.
  • PEShield - Program which encrypts 32-bit Windows EXE files.
  • PESpin
  • PEtite - Free Win32 (Windows 95/98/2000/NT/XP/Vista/7/etc) executable (EXE/DLL/etc) compressor.
  • PEX
  • PEzor - Open-Source Shellcode & PE Packer.
  • PK-Smart
  • PKlite
  • PMode
  • PMWLITE
  • PolyCrypt
  • PolyEne
  • Polymorph Crypter
  • PolyPack
  • Private EXE Protector
  • Pro-Pack
  • Qihoo
  • RCryptor
  • RJCrush
  • RLPack - Relies on aPLib 0.
  • Rubbish
  • RUCC
  • SDProtector
  • SecuPack
  • SePACKER - Simple Executable Packer compresses an executable's code section in order to decrease the size of binary files.
  • Shiva - Tool for encrypting ELF executables under Linux.
  • Shrinker
  • Silent-Packer - Silent Packer is an ELF / PE packer written in pure C.
  • Simple-PE32-Packer - Simple PE32 Packer with aPLib compression library.
  • Smart Packer
  • SPack
  • ST Protector
  • StealthPE
  • SVK Protector
  • SysPack - Device drivers compressor.
  • T-Pack
  • tElock - Practical tool that intends to help developers who want to protect their work and reduce the size of the executable files.
  • theArk - Windows x86 PE Packer In C++.
  • Themida - Converts the original x86 instructions into virtual instructions in its own randomized instruction set, and then interprets these virtual instructions at run-time.
  • TinyProg
  • Trojan Protect
  • TTProtect
  • UPack
  • UPC
  • UPolyX
  • UPX - Ultimate Packer for eXecutables.
  • V2Packer
  • Vacuum
  • VMProtect - Protects code by executing it on a virtual machine with non-standard architecture that makes it extremely difficult to analyze and crack the software.
  • Ward - Simple implementation of an ELF packer that creates stealthy droppers for loading malicious ELFs in-memory.
  • WinCrypt
  • Winkrypt
  • WinUpack
  • WWPack
  • XComp
  • XE
  • xorPacker - Simple packer working with all PE files which cipher your exe with a XOR implementation.
  • XPA
  • XPack
  • Yoda Protector - Free, open source, Windows 32-bit software protector.
  • Yoda's Crypter - PE crypter made with Visual C++ 7.
  • ZProtect - Zprotect goes beyond traditional obfuscation methods.

🔧 Tools

  • .NET Deobfuscator - List of.
  • Android Unpacker - Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0.
  • aPLib - Compression library based on the algorithm used in aPACK.
  • AppSpear - Universal and automated unpacking system suitable for both Dalvik and ART.
  • Bintropy - Prototype analysis tool that estimates the likelihood that a binary file contains compressed or encrypted bytes.
  • BitBlaze - Analysis platform that features a novel fusion of static and dynamic analysis techniques, mixed concrete and symbolic execution, and whole-system emulation and binary instrumentation, all to facilitate state-of-the-art research on real security problems.
  • Clamscan Unpacker - Unpacker derived from ClamAV.
  • de4dot
  • de4js - JavaScript Deobfuscator and Unpacker.
  • DIE - Detect It Easy; program for determining types of files.
  • Ether - Precision universal automated unpacker.
  • Eureka - Binary static analysis preparation framework implementing a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing.
  • EXEInfo-PE - Fast detector for executable PE files.
  • EXETools (Packers) - Repository of packers.
  • EXETools (Unpackers) - Repository of unpackers.
  • FUU - Fast Universal Unpacker.
  • GUnpacker - Shell tool that performs OEP positioning and dumps decrypted code.
  • Justin - Just-In-Time AV scanning; generic unpacking solution.
  • Manalyze - Robust parser for PE files with a flexible plugin architecture which allows users to statically analyze files in-depth.
  • OEPdet - Automated original-entry-point detector.
  • OmniUnpack - New technique for fast, generic, and safe unpacking of malware by monitoring the execution in real-time and detecting the removed layers of packing.
  • PackerAttacker - Tool that uses memory and code hooks to detect packers.
  • PackerBreaker - Tool for helping unpack, decompress and decrypt most of the programs packed, compressed or encrypted using advanced emulation technology.
  • PackerGrind - Adaptive unpacking tool for tracking packing behaviors and unpacking Android packed apps.
  • PackerID - Fork of packerid.
  • Packing-Box - Docker image gathering many packing-related tools and for making datasets of packed executables for use with machine learning.
  • Pandora's Bochs - Extension to the Bochs PC emulator to enable it to monitor execution of the unpacking stubs for extracting the original code.
  • PEFrame - Tool for performing static analysis on PE malware and generic suspicious files.
  • PEiD - Packed Executable iDentifier.
  • PEiD (reborn) - Python implementation of PEiD featuring an additional tool for making new signatures.
  • PEiD (yara) - Yet another implementation of PEiD with yara.
  • PeLib - PE file manipulation library.
  • PEPack - PE file packer detection tool, part of the Unix package "pev".
  • PINdemonium - Unpacker for PE files exploiting the capabilities of PIN.
  • PolyUnpack - Implementation attempt of the general approach for extracting the original hidden code of PE files without any heuristic assumptions.
  • PortEx - Java library for static malware analysis of PE files.
  • PyPackerDetect - Small python script/library to detect whether an executable is packed.
  • PyPackerDetect (refactored) - A complete refactoring of the original project to a Python package with a console script to detect whether an executable is packed.
  • PyPeid - Yet another implementation of PEiD with yara-python.
  • Quick Unpack - Generic unpacker that facilitates the unpacking process.
  • RapidEXE - Simple and efficient way to convert a PHP/Python script to a standalone executable.
  • RDG Packer Detector - Packer detection tool.
  • REMINDer - Packing detection tool based on the entropy value of the entry point section and the WRITE attribute.
  • Renovo - Detection tool built on top of TEMU (dynamic analysis component of BitBlaze) based on the execution of newly-generated code and monitoring memory writes after the program starts.
  • RetDec - Retargetable machine-code decompiler based on LLVM.
  • SymPack - Safe, portable, largely effective but not generic library for packing detection and unpacking.
  • Unipacker - Automatic and platform-independent unpacker for Windows binaries based on emulation.
  • UnpacMe - Automated malware unpacking service.
  • Unpckarc - Packed executables detection tool relying on several heuristics.
  • Uunp (IDA Pro plugin) - IDA Pro debugger plug-in module automating the analysis and unpacking of packed binaries.
  • VirusTotal - File analysis Web service for detecting malware.
  • VMUnpacker - Unpacker based on the technology of virtual machine.

Contributing

Contributions are welcome! Please read the contribution guidelines first.
