REMINDer

Detect packers on executable files using a simple entropy-based heuristic.


REMINDer (REsponse tool for Malware INDication) implements the heuristic described in this paper as a Python package with a console script that detects whether an executable is packed.

The lief library is used for binary parsing.

$ pip install reminder-detector
$ reminder --help
[...]
usage examples:
- reminder program.exe
- reminder /bin/ls --entropy-threshold 6.9

💡 Detection Mechanism

  1. Find the section containing the entry point (EP section)
  2. Check whether that section is writable
  3. If it is, check whether its entropy exceeds a threshold (the threshold depends on the executable format)
  4. If it does, the input executable is reported as packed; otherwise, it is not
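The four steps above as an added, self-contained example of my own (not REMINDer's code): the lief parsing stage is replaced by a constructed section table so it runs offline, and the threshold values, section names and byte contents are assumptions.

```python
import math
from dataclasses import dataclass
# Real section-flag constants: PE IMAGE_SCN_MEM_WRITE and ELF SHF_WRITE.
PE_SCN_MEM_WRITE = 0x80000000
ELF_SHF_WRITE = 0x1
# Per-format thresholds are assumptions for this example, not REMINDer's own.
DEFAULT_THRESHOLDS = {"PE": 6.85, "ELF": 6.9}

@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    flags: int
    content: bytes

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the bytes, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def find_ep_section(sections, entry_point):
    """Step 1: the section whose virtual range contains the entry point."""
    for s in sections:
        if s.virtual_address <= entry_point < s.virtual_address + s.virtual_size:
            return s
    return None

def is_packed(sections, entry_point, fmt, threshold=None):
    """Steps 2-4: packed iff the EP section is writable and its entropy exceeds the threshold."""
    threshold = DEFAULT_THRESHOLDS[fmt] if threshold is None else threshold
    ep = find_ep_section(sections, entry_point)
    if ep is None:
        return False, "no section contains the entry point"
    write_flag = PE_SCN_MEM_WRITE if fmt == "PE" else ELF_SHF_WRITE
    if not ep.flags & write_flag:
        return False, f"EP section {ep.name} is not writable"
    h = shannon_entropy(ep.content)
    return h > threshold, f"EP section {ep.name} writable, entropy {h:.2f} vs threshold {threshold}"

# Constructed sample sections (not from real binaries): a read/execute .text and a
# writable, high-entropy UPX1-style section, both covering the EP at 0x1200.
PLAIN_TEXT = Section(".text", 0x1000, 0x1000, 0x60000020, b"\x90" * 2048 + b"\xc3" * 2048)
PACKED_STUB = Section("UPX1", 0x1000, 0x1000, 0xE0000040, bytes(range(256)) * 16)
```

A run over a real file would fill the `Section` list from lief's parsed section headers and the entry point from the binary's header, then call `is_packed` exactly as here.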

⭐ Related Projects

You may also like these:
