Awesome Executable Packing
A curated list of resources related to executable packing (including Portable Executable, Executable and Linkable Format and others). Contains books, papers, blog posts, and other written resources but also packers and tools for detecting and unpacking executables.
Contents
π Bibliography
- π Absent extreme learning machine algorithm with application to packed executable identification (January 2016)
- π An Accurate Packer Identification Method Using Support Vector Machine (January 2014)
- π Adaptive Unpacking of Android Apps (May 2017)
- π All-in-One Framework for Detection, Unpacking, and Verification for Malware Analysis (January 2019)
- π Analysis of machine learning approaches to packing detection (May 2021)
- π Android Packers: Separating from the Pack (June 2014)
- π API Deobfuscator: Resolving Obfuscated API Functions in Modern Packers (July 2015)
- π Application of string kernel based support vector machine for malware packer identification (August 2013)
- π AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware (November 2015)
- π The Art of Unpacking (September 2015)
- π Automatic Static Unpacking of Malware Binaries (October 2009)
- π BareUnpack: Generic Unpacking on the Bare-Metal Operating System (December 2018)
- π Binary-Code Obfuscations in Prevalent Packer Tools (October 2013)
- π BinStat Tool for Recognition of Packed Executables (September 2010)
- π BitBlaze: A New Approach to Computer Security via Binary Analysis (December 2008)
- π Boosting Scalability in Anomaly-Based Packed Executable Filtering (November 2011)
- π Building a smart and automated tool for packed malware detections using machine learning (June 2020)
- π ByteWise: A case study in neural network obfuscation identification (January 2018)
- π Challenging anti-virus through evolutionary malware obfuscation (April 2016)
- π Classification of packed executables for accurate computer virus detection (October 2008)
- π Classifying Packed Programs as Malicious Software Detected (December 2016)
- π Cloak and Dagger: Unpacking Hidden Malware Attacks (December 2016)
- π Collective Classification for Packed Executable Identification (June 2012)
- π A Comparative Analysis of Classifiers in the Recognition of Packed Executables (November 2019)
- π A Comparative Assessment of Malware Classification Using Binary Texture Analysis and Dynamic Analysis (September 2011)
- π Comparing Malware Samples for Unpacking: A Feasibility Study (August 2016)
- π A Consistently-Executing Graph-Based Approach for Malware Packer Identification (April 2019)
- π A control flow graph-based signature for packer identification (October 2017)
- π Countering entropy measure attacks on packed software detection (January 2012)
- π Denial-of-Service Attacks on Host-Based Generic Unpackers (December 2009)
- π Deobfuscation of Packed and Virtualization-Obfuscation Protected Binaries (June 2011)
- π Design and development of a new scanning core engine for malware detection (October 2012)
- π Design and Performance Evaluation of Binary Code Packing for Protecting Embedded Software against Reverse Engineering (May 2010)
- π Detecting Packed Executable File: Supervised or Anomaly Detection Method? (August 2016)
- π Detecting packed executables based on raw binary data (June 2010)
- π Detecting packed executables using steganalysis (December 2014)
- π Detection of metamorphic malware packers using multilayered LSTM networks (November 2020)
- π Detection of packed executables using support vector machines (July 2011)
- π Detection of Packed Malware (August 2012)
- π DexHunter: Toward Extracting Hidden Code from Packed Android Applications (September 2015)
- π Dynamic Binary Instrumentation for Deobfuscation and Unpacking (November 2009)
- π Dynamic classification of packing algorithms for inspecting executables using entropy analysis (October 2013)
- π Effective, efficient, and robust packing detection and classification (January 2018)
- π Efficient and Automatic Instrumentation for Packed Binaries (June 2009)
- π Efficient automatic original entry point detection (January 2019)
- π An efficient block-discriminant identification of packed malware (August 2015)
- π Efficient Malware Packer Identification Using Support Vector Machines with Spectrum Kernel (July 2013)
- π Efficient SVM Based Packer Identification with Binary Diffing Measures (July 2019)
- π ELF-Miner: Using structural knowledge and data mining methods to detect new (Linux) malicious executables (March 2012)
- π An Empirical Evaluation of an Unpacking Method Implemented with Dynamic Binary Instrumentation (September 2011)
- π Encoded Executable File Detection Technique via Executable File Header Analysis (April 2009)
- π Entropy analysis to classify unknown packing algorithms for malware detection (May 2016)
- π ESCAPE: Entropy Score Analysis of Packed Executable (October 2012)
- π Ether: Malware analysis via hardware virtualization extensions (2008)
- π Eureka: A Framework for Enabling Static Malware Analysis (October 2008)
- π Experimental Comparison of Machine Learning Models in Malware Packing Detection (September 2020)
- π An Experimental Study on Identifying Obfuscation Techniques in Packer (June 2016)
- π A Fast Flowgraph Based Classification System for Packed and Polymorphic Malware on the Endhost (April 2010)
- π Feature set reduction for the detection of packed executables (June 2014)
- π A Fine-Grained Classification Approach for the Packed Malicious Code (October 2012)
- π A Generic Approach to Automatic Deobfuscation of Executable Code (May 2015)
- π Generic Packing Detection using Several Complexity Analysis for Accurate Malware Detection (January 2014)
- π Generic unpacker of executable files (April 2015)
- π Generic Unpacking Method Based on Detecting Original Entry Point (November 2013)
- π Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs (May 2009)
- π Generic unpacking techniques (February 2009)
- π Generic unpacking using entropy analysis (October 2010)
- π Gunpack: un outil gΓ©nΓ©rique d'unpacking de malwares (June 2016)
- π A heuristic approach for detection of obfuscated malware (June 2009)
- π A Heuristics-based Static Analysis Approach for Detecting Packed PE Binaries (October 2013)
- π An Implementation of a Generic Unpacking Method on Bochs Emulator (September 2009)
- π Implementing your own generic unpacker (October 2015)
- π Information Theoretic Method for Classification of Packed and Encoded Files (September 2015)
- π Instructions-Based Detection of Sophisticated Obfuscation and Packing (October 2014)
- π A learning model to detect maliciousness of portable executable using integrated feature set (January 2017)
- π Maitland: Analysis of Packed and Encrypted Malware via Paravirtualization Extensions (June 2012)
- π Mal-EVE: Static detection model for evasive malware (August 2015)
- π Mal-Flux: Rendering hidden code of packed binary executable (March 2019)
- π Mal-XT: Higher accuracy hidden-code extraction of packed binary executable (November 2018)
- π Mal-Xtract: Hidden Code Extraction using Memory Analysis (January 2017)
- π Malware Analysis using Multiple API Sequence Mining Control Flow Graph (July 2017)
- π Malware analysis using visualized images and entropy graphs (February 2015)
- π Malware obfuscation techniques: A brief survey (November 2010)
- π Malware obfuscation through evolutionary packers (July 2015)
- π Malwise - An Effective and Efficient Classification System for Packed and Polymorphic Malware (June 2013)
- π McBoost: Boosting scalability in malware collection and analysis using statistical classification of executables (December 2008)
- π Memory behavior-based automatic malware unpacking in stealth debugging environment (October 2010)
- π Modern linux malware exposed (June 2018)
- π MutantX-S: Scalable malware clustering based on static features (June 2013)
- π The new signature generation method based on an unpacking algorithm and procedure for a packer detection (February 2011)
- π Obfuscation: The Hidden Malware (August 2011)
- π Obfuscation: Where are we in anti-DSE protections? (a first attempt) (December 2019)
- π OmniUnpack: Fast, Generic, and Safe Unpacking of Malware (December 2007)
- π On the adoption of anomaly detection for packed executable filtering (June 2014)
- π One packer to rule them all: Empirical identification, comparison and circumvention of current Antivirus detection techniques (July 2014)
- π One packer to rule them all: Empirical identification, comparison and circumvention of current Antivirus detection techniques (July 2014)
- π OPEM: A Static-Dynamic Approach for Machine-Learning-Based Malware Detection (September 2012)
- π An Original Entry Point Detection Method with Candidate-Sorting for More Effective Generic Unpacking (January 2015)
- π Packed Malware Detection using Entropy Related Analysis: A Survey (November 2015)
- π Packed malware variants detection using deep belief networks (March 2020)
- π Packed PE File Detection for Malware Forensics (December 2009)
- π Packer Analysis Report Debugging and Unpacking the NsPack 3.4 and 3.7 Packer (June 2010)
- π Packer Classifier Based on PE Header Information (April 2015)
- π Packer Detection for Multi-Layer Executables Using Entropy Analysis (March 2017)
- π Packer Identification Based on Metadata Signature (December 2017)
- π Packer identification method based on byte sequences (November 2018)
- π Packer identification using Byte plot and Markov plot (September 2015)
- π Packer Identification Using Hidden Markov Model (November 2017)
- π Packer-Complexity Analysis in PANDA (January 2018)
- π Pandora's Bochs: Automatic Unpacking of Malware (January 2008)
- π Pattern Recognition Techniques for the Classification of Malware Packers (July 2010)
- π PE File Features in Detection of Packed Executables (January 2012)
- π PE File Header Analysis-Based Packed PE File Detection Technique (PHAD) (October 2008)
- π PE-Probe: Leveraging Packer Detection and Structural Information to Detect Malicious Portable Executables (June 2009)
- π PEAL - Packed Executable AnaLysis (January 2012)
- π PinDemonium: a DBI-based generic unpacker for Windows executables (July 2016)
- π PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware (December 2006)
- π Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem (February 2020)
- π RAMBO: Run-Time Packer Analysis with Multiple Branch Observation (July 2016)
- π REFORM: A framework for malware packer analysis using information theory and statistical methods (April 2010)
- π Renovo: A Hidden Code Extractor for Packed Executables (November 2007)
- π RePEconstruct: reconstructing binaries with self-modifying code and import address table destruction (October 2016)
- π Research and Implementation of Compression Shell Unpacking Technology for PE File (May 2009)
- π Revealing Packed Malware (September 2008)
- π Reverse Engineering Self-Modifying Code: Unpacker Extraction (October 2010)
- π Runtime Packers Testing Experiences (May 2008)
- π Runtime Packers: The Hidden Problem? (July 2006)
- π SATURN - software deobfuscation framework based on LLVM (November 2019)
- π SCORE: Source Code Optimization & REconstruction (July 2020)
- π SE-PAC: A self-evolving PAcker classifier against rapid packers evolution (April 2021)
- π Secure and advanced unpacking using computer emulation (August 2007)
- π Semi-supervised learning for packed executable detection (September 2011)
- π Semi-supervised Learning for Unknown Malware Detection (April 2011)
- π Sensitive system calls based packed malware variants detection using principal component initialized MultiLayers neural networks (September 2018)
- π SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers (May 2015)
- π SPADE: Signature Based PAcker DEtection (August 2012)
- π A Static, Packer-Agnostic Filter to Detect Similar Malware Samples (July 2012)
- π Structural Feature Based Anomaly Detection for Packed Executable Identification (June 2011)
- π The study of evasion of packed PE from static detection (June 2012)
- π A Study of the Packer Problem and Its Solutions (September 2008)
- π Survey on malware evasion techniques: State of the art and challenges (February 2012)
- π Syntia: Synthesizing the Semantics of Obfuscated Code (August 2017)
- π Things You May Not Know About Android (Un) Packers: A Systematic Study based on Whole-System Emulation. (February 2018)
- π Thwarting Real-Time Dynamic Unpacking (January 2011)
- π TitanMist: Your First Step to Reversing Nirvana (July 2010)
- π Toward Generic Unpacking Techniques for Malware Analysis with Quantification of Code Revelation (August 2009)
- π Towards Paving the Way for Large-Scale Windows Malware Analysis: Generic Binary Unpacking with Orders-of-Magnitude Performance Boost (October 2018)
- π Two Techniques for Detecting Packed Portable Executable Files (June 2013)
- π Unpacking Framework for Packed Malicious Executables (July 2013)
- π Unpacking Techniques and Tools in Malware Analysis (September 2012)
- π Unpacking Virtualization Obfuscators (August 2009)
- π UnThemida: Commercial obfuscation technique analysis with a fully obfuscated program (July 2018)
- π Using Entropy Analysis to Find Encrypted and Packed Malware (March 2007)
- π VMAttack: Deobfuscating Virtualization-Based Packed Binaries (August 2017)
- π WaveAtlas: Surfing Through the Landscape of Current Malware Packers (September 2015)
- π We Can Still Crack You! General unpacking method for Android Packer(NO ROOT) (September 2015)
- π When malware is packing heat (January 2018)
- π Writing a Packer (2021)
- π Writing a simple PE Packer in detail (March 2019)
- π WYSINWYX: What you see is not what you EXecute (August 2010)
- π x64Unpack: Hybrid Emulation Unpacker for 64-bit Windows Environments and Detailed Analysis Results on VMProtect 3.4 (July 2020)
π Datasets
- Ember - Collection of features from PE files that serve as a benchmark dataset for researchers.
- Malfease - Dataset of about 5,000 packed malware samples.
- MalShare - Free Malware repository providing researchers access to samples, malicious feeds, and Yara results.
- MalwareGallery - Yet another malware collection in the Internet.
- OARC - Semi-public dataset of 3,467 samples captured in the wild from Sep 2005 to Jan 2006 by mail traps, user submissions, honeypots and other sources aggregated by the OARC, available to qualified academic and industry researchers upon request.
- Open Malware - Online collection of malware samples.
- PackingData - Original dataset with sample PE files packed with a large variety of packers, including ASPack, BeRoEXEPacker, exe32pack, eXpressor, FSG, JDPack, MEW, Molebox, MPRESS, Neolite, NSPack, Pckman, PECompact, PEtite, RLPack, UPX, WinUpack, Yoda's Crypter and Yoda's Protector.
- PackingData (sanitized) - Sanitized version of the original dataset, removing packed samples from the Notpacked folder but also samples in packer folders that failed to be packed (having a same hash as the original unpacked executable).
- Packware - Datasets and codes that are needed to reproduce the experiments in the paper "When Malware is Packin' Heat".
- Runtime Packers Testset - Dataset of 10 common Malware files, packed with about 40 different runtime packers in over 500 versions and options, with a total of about 5,000 samples.
- SOREL - Sophos-ReversingLabs 20 Million dataset.
- theZoo - Project created to make the possibility of malware analysis open and available to the public.
- VirusShare - Virus online database with more thant 44 millions of samples.
- VX Heaven - Site dedicated to providing information about computer viruses to anyone who is interested in this topic.
- WildList - Cooperative listing of malwares reported as being in the wild by security professionals.
π¦ Packers
- 20to4 - Executable compressor that is able to stuff about 20k of finest code and data into less than 4k.
- 32Lite - Compression tool for executable files created with Watcom C/C++ compiler.
- 624 - COM packer that can compress COM programs shorter than 25000 bytes.
- ACProtect - Application that allows to protect Windows executable files against piracy, using RSA to create and verify the registration keys and unlock code.
- AHPack - PE and PE+ file packer.
- AinEXE - DOS executable packer.
- Alienyze - Advanced software protection and security for Windows 32-bit executables.
- Alternate EXE Packer - Compression tool for executable files (type EXE) or DLL's relying on UPX 3.
- Amber - Position-independent(reflective) PE loader that enables in-memory execution of native PE files(EXE, DLL, SYS.
- Andromeda - Custom packer used in malware campaigns using RunPE techniques for evading AV mitigation methods.
- aPack
- APKProtect
- Application Protector
- Armadillo
- ASPack
- ASProtect 32
- ASProtect 64
- AT4RE Protector
- AutoIT - Legitimate executable encryption service.
- AverCryptor
- AVPack
- AXE
- AxProtector
- BangCle
- Beria
- Bero - Bero EXE Packer (BEP).
- BIN-crypter - EXE protection software against crackers and decompilers.
- BJFNT
- BoxedApp Packer
- Bundle EXE
- BurnEye - Burneye ELF encryption program, x86-linux binary.
- CauseWay Compressor
- CEXE
- Code Virtualizer - Powerful code obfuscation system for Windows, Linux and macOS applications that helps developers to protect their sensitive code areas against Reverse Engineering with very strong obfuscation code based on code virtualization.
- ComPAck
- ConfuserEx - An open-source, free protector for.
- Crinkler
- Cryptic
- DalKrypt
- DarkCrypt
- DEPack
- DexGuard
- DexProtector
- Diet
- DotBundle
- DotNetZ
- DotProtect
- DragonArmor
- DXPack
- ELFuck - ELF packer for i386 original version from sk2 by sd.
- Enigma
- Enigma Protector
- Enigma Virtual Box
- EP Protector
- EPack
- EPPort
- Eronona-Packer - Packer for exe under win32.
- Excalibur
- EXE Bundle
- EXE Guarder
- EXE Stealth
- EXE Wrapper
- Exe32Pack
- EXECrypt
- EXECryptor
- EXEPack.NET
- eXPressor - EXE file compression tool.
- Ezip
- Ezuri - Simple Linux ELF Runtime Crypter.
- FSG - Fast Small Good, perfect compressor for small EXE's.
- GzExe - Executable compression tool.
- HASP Envelope
- HidePE
- HmimysPack
- hXOR-Packer
- Ijiami
- JDPack
- JDProtect
- Kbys
- Kkrunchy - Small exe packer primarily meant for 64k intros.
- Krypton
- LameCrypt
- LGLZ
- LIAPP
- LM-X License Manager - LM-X License Manager lets you protect your products against piracy by enforcing various levels of security, save time, and reduce business risks.
- LxLite
- LzExe
- m0dern_p4cker - Just a modern packer for elf binaries ( works on linux executables only ).
- MaskPE
- Megalite
- MEW
- MidgetPack - Midgetpack is a binary packer for ELF binaries, such as burneye, upx or other tools.
- MKFPack
- MoleBox
- Morphine
- mPack - mPack - mario PACKersimple Win32 PE Executable compressor.
- MPRESS
- MSLRH
- Mucki
- Muncho - macOS executable packer.
- NakedPacker
- NCPH
- NeLite
- Neolite
- NetCrypt - A proof-of-concept packer for.
- NPack
- NSAnti (Anti007) - PE (32-bits) packer.
- NSPack - 32/64-bits exe, dll, ocx, scr Windows program compressor.
- NTPacker - PE file packer relying on aPlib for compression and/or XOR for encryption.
- Obsidium - Feature-rich professional software protection and licensing system designed as a cost effective and easy to implement, yet reliable and non-invasive way to protect your 32- and 64-bit Windows software applications and games from reverse engineering.
- ORiEN
- Origami - Packer compressing.
- PACK
- Pack Master
- PackItBitch
- PackMan
- Pakkero - Binary packer written in Go made for fun and educational purpose.
- PangXie
- Papaw
- PC-Guard
- PCShrinker
- PE Cryptor
- PE-Armor
- PE-Packer - Simple packer for Windows 32-bits PE files.
- PE-Protector
- PE-Toy - A PE file packer.
- PEBundle
- PECompact
- PEDiminisher
- PELock
- PEncrypt
- PENinja
- PEPack
- PePacker - Simple PE Packer Which Encrypts.
- PEShield - Program which encrypts 32-bit Windows EXE files.
- PESpin
- PEtite - Free Win32 (Windows 95/98/2000/NT/XP/Vista/7/etc) executable (EXE/DLL/etc) compressor.
- PEX
- PEzor - Open-Source Shellcode & PE Packer.
- PK-Smart
- PKlite
- PMode
- PMWLITE
- PolyCrypt
- PolyEne
- Polymorph Crypter
- PolyPack
- Private EXE Protector
- Pro-Pack
- Qihoo
- RCryptor
- RJCrush
- RLPack - Relies on aPLib 0.
- Rubbish
- RUCC
- SDProtector
- SecuPack
- SePACKER - Simple Executable Packer is compressing executables' code section inorder to decrease size of binary files.
- Shiva - Tool for encrypting ELF executables under Linux.
- Shrinker
- Silent-Packer - Silent Packer is an ELF / PE packer written in pure C.
- Simple-PE32-Packer - Simple PE32 Packer with aPLib compression library.
- Smart Packer
- SPack
- ST Protector
- StealthPE
- SVK Protector
- SysPack - Device drivers compressor.
- T-Pack
- tElock - Practical tool that intends to help developers who want to protect their work and reduce the size of the executable files.
- theArk - Windows x86 PE Packer In C++.
- Themida - Converts the original x86 instructions into virtual instructions in its own randomized instruction set, and then interpret these virtual instructions at run-time.
- TinyProg
- Trojan Protect
- TTProtect
- UPack
- UPC
- UPolyX
- UPX - Ultimate Packer for eXecutables.
- V2Packer
- Vacuum
- VMProtect - Protects code by executing it on a virtual machine with non-standard architecture that makes it extremely difficult to analyze and crack the software.
- Ward - Simple implementation of an ELF packer that creates stealthy droppers for loading malicious ELFs in-memory.
- WinCrypt
- Winkrypt
- WinUpack
- WWPack
- XComp
- XE
- xorPacker - Simple packer working with all PE files which cipher your exe with a XOR implementation.
- XPA
- XPack
- Yoda Protector - Free, open source, Windows 32-bit software protector.
- Yoda's Crypter - PE crypter made with Visual C++ 7.
- ZProtect - Zprotect goes beyond traditional obfuscation methods.
π§ Tools
- .NET Deobfuscator - List of.
- Android Unpacker - Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0.
- aPLib - Compression library based on the algorithm used in aPACK.
- AppSpear - Universal and automated unpacking system suitable for both Dalvik and ART.
- Bintropy - Prototype analysis tool that estimates the likelihood that a binary file contains compressed or encrypted bytes.
- BitBlaze - Analysis platform that features a novel fusion of static and dynamic analysis techniques, mixed concrete and symbolic execution, and whole-system emulation and binary instrumentation, all to facilitate state-of-the art research on real security problems.
- Clamscan Unpacker - Unpacker derived from ClamAV.
- de4dot
- de4js - JavaScript Deobfuscator and Unpacker.
- DIE - Detect It Easy ; program for determining types of files.
- Ether - Precision universal automated unpacker.
- Eureka - Binary static analysis preparation framework implementing a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing.
- EXEInfo-PE - Fast detector for executable PE files.
- EXETools (Packers) - Repository of packers.
- EXETools (Unpackers) - Repository of unpackers.
- FUU - Fast Universal Unpacker.
- GUnpacker - Shell tool that performs OEP positioning and dumps decrypted code.
- Justin - Just-In-Time AV scanning ; generic unpacking solution.
- Manalyze - Robust parser for PE files with a flexible plugin architecture which allows users to statically analyze files in-depth.
- OEPdet - Automated original-entry-point detector.
- OmniUnpack - New technique for fast, generic, and safe unpacking of malware by monitoring the execution in real-time and detecting the removed layers of packing.
- PackerAttacker - Tool that uses memory and code hooks to detect packers.
- PackerBreaker - Tool for helping unpack, decompress and decrypt most of the programs packed, compressed or encrypted using advanced emulation technology.
- PackerGrind - Adaptive unpacking tool for tracking packing bahaviors and unpacking Android packed apps.
- PackerID - Fork of packerid.
- Packing-Box - Docker image gathering many packing-related tools and for making datasets of packed executables for use with machine learning.
- Pandora's Bochs - Extension to the Bochs PC eumlator to enable it to monitor execution of the unpacking stubs for extracting the original code.
- PEFrame - Tool for performing static analysis on PE malware and generic suspicious files.
- PEiD - Packed Executable iDentifier.
- PEiD (reborn) - Python implementation of PEiD featuring an additional tool for making new signatures.
- PEiD (yara) - Yet another implementation of PEiD with yara.
- PeLib - PE file manipulation library.
- PEPack - PE file packer detection tool, part of the Unix package "pev".
- PINdemonium - Unpacker for PE files exploiting the capabilities of PIN.
- PolyUnpack - Implemention attempt of the general approach for extracting the original hidden code of PE files without any heuristic assumptions.
- PortEx - Java library for static malware analysis of PE files.
- PyPackerDetect - Small python script/library to detect whether an executable is packed.
- PyPackerDetect (refactored) - A complete refactoring of the original project to a Python package with a console script to detect whether an executable is packed.
- PyPeid - Yet another implementation of PEiD with yara-python.
- Quick Unpack - Generic unpacker that facilitates the unpacking process.
- RapidEXE - Simple and efficient way to convert a PHP/Python script to a standalone executable.
- RDG Packer Detector - Packer detection tool.
- REMINDer - Packing detection tool based on the entropy value of the entry point section and the WRITE attribute.
- Renovo - Detection tool built on top of TEMU (dynamic analysis component of BitBlaze) based on the execution of newly-generated code and monitoring memory writes after the program starts.
- RetDec - Retargetable machine-code decompiler based on LLVM.
- SymPack - Safe, portable, largely eο¬ective but not generic library for packing detection and unpacking.
- Unipacker - Automatic and platform-independent unpacker for Windows binaries based on emulation.
- UnpacMe - Automated malware unpacking service.
- Unpckarc - Packed executables detection tool relying on several heuristics.
- Uunp (IDA Pro plugin) - IDA Pro debugger plug-in module automating the analysis and unpacking of packed binaries.
- VirusTotal - File analysis Web service for detecting malware.
- VMUnpacker - Unpacker based on the technology of virtual machine.
Contributing
Contributions are welcome! Please read the contribution guidelines first.