awesome-executable-packing
A curated list of awesome resources related to executable packing
https://github.com/packing-box/awesome-executable-packing
:bookmark_tabs: Datasets
Scientific Research
- Contagio - Contagio is a collection of the latest malware samples, threats, observations, and analyses.
- CyberCrime - C² tracking and malware database.
- Malfease - Dataset of about 5,000 packed malware samples.
- Malheur - Contains the recorded behavior of malicious software (malware) and has been used for developing methods for classifying and clustering malware behavior (see the JCS article from 2011).
- Malicia - Dataset of 11,688 malicious PE files collected from 500 drive-by download servers over a period of 11 months in 2013 (DISCONTINUED).
- MalShare - Free malware repository providing researchers access to samples, malicious feeds, and YARA results.
- The Malware Museum - Collection of malware programs, usually viruses, that were distributed in the 1980s and 1990s on home computers.
- MalwareBazaar - Project operated by abuse.ch aimed at collecting and sharing malware samples, helping IT-security researchers and threat analysts protect their constituency and customers from cyber threats.
- MalwareGallery - Yet another malware collection on the Internet.
- MalwareTips - MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats.
- OARC Malware Dataset - Semi-public dataset of 3,467 samples captured in the wild from Sep 2005 to Jan 2006 by mail traps, user submissions, honeypots and other sources aggregated by the OARC, available to qualified academic and industry researchers upon request.
- Open Malware Project - Online collection of malware samples (formerly Offensive Computing).
- Runtime Packers Testset - Dataset of 10 common malware files, packed with about 40 different runtime packers in over 500 versions and options, with a total of about 5,000 samples.
- SAC - Slovak Antivirus Center, non-commercial project of the AVIR and ESET companies; contains packers, detectors and unpackers.
- ViruSign - Another online malware database.
- VirusShare - Online virus database with more than 44 million samples.
- VX Heaven - Site dedicated to providing information about computer viruses.
- VX Underground - PL-CERT based open source MWDB Python application holding a malware database containing every APT sample from 2010 and over 7.5M malicious binaries.
- VXvault - Online malware database.
- WildList - Cooperative listing of malware reported as being in the wild by security professionals.
- MalwareSamples - Bringing you the best of the worst files on the Internet.
- VirusSamples
- Dataset of Packed ELF - Dataset of packed ELF samples.
- Dataset of Packed PE - Sanitized version of the original dataset, PackingData, removing packed samples from the Notpacked folder but also samples in packer folders that failed to be packed (having a same hash as the original unpacked executable).
- Ember - Collection of features from PE files that serve as a benchmark dataset for researchers.
- FFRI Dataset Scripts - Make datasets like FFRI Dataset.
- MaleX - Curated dataset of malware and benign Windows executable samples for malware researchers containing 1,044,394 Windows executable binaries and corresponding image representations with 864,669 labelled as malware and 179,725 as benign.
- PackingData - Original dataset with sample PE files packed with a large variety of packers, including ASPack, BeRoEXEPacker, exe32pack, eXpressor, FSG, JDPack, MEW, Molebox, MPRESS, Neolite, NSPack, Pckman, PECompact, PEtite, RLPack, UPX, WinUpack, Yoda's Crypter and Yoda's Protector.
- Packware - Datasets and codes that are needed to reproduce the experiments in the paper "When Malware is Packing Heat".
- RCE Lab - Crackme's, keygenme's, serialme's; the "tuts4you" folder contains many packed binaries.
- SOREL - Sophos-ReversingLabs 20 Million dataset.
- theZoo - Project created to make the possibility of malware analysis open and available to the public.
- BODMAS - Code for our DLS'21 paper - BODMAS: An Open Dataset for Learning based Temporal Analysis of PE Malware.
- Malware Archive - Malware samples, analysis exercises and other interesting resources.
- VirusTotal - File analysis Web service for detecting malware.
- Ember2024 - Update to the EMBER2017 and EMBER2018 datasets.
:books: Literature
Documentation
- a.out (FreeBSD manual pages)
- A.out binary format
- About anti-debug tricks
- Android packers: Separating from the pack
- Anti debugging protection techniques with examples
- Anti-unpacker tricks
- Anti-unpacker tricks - Part 14 (and previous parts)
- API deobfuscator: Resolving obfuscated API functions in modern packers
- The art of unpacking
- COM binary format
- Common object file format (COFF)
- Comparison of executable file formats
- Defacto2
- Dynamic binary analysis and obfuscated codes
- elf (FreeBSD manual pages)
- Entropy and the distinctive signs of packer PE files
- Executable and linkable format (ELF)
- Executable and linking format (ELF) specification
- Executable file formats
- FatELF: Universal binaries for Linux (HALTED)
- Hyperion: Implementation of a PE-Crypter
- Implementing your own generic unpacker
- Mach-O internals
- Making our own executable packer
- Microsoft portable executable and common object file format specification
- MITRE ATT&CK | T1027.002 | obfuscated files or information: Software packing
- MZ disk operating system (DOS)
- One packer to rule them all: Empirical identification, comparison and circumvention of current antivirus detection techniques
- Packers
- Parsing Mach-O files
- PE format - Win32 apps
- PinDemonium: A DBI-based generic unpacker for Windows executables
- Portable executable (PE)
- Reverse engineering malware: Binary obfuscation and protection
- Runtime packers: The hidden problem?
- TitanMist: Your first step to reversing nirvana
- Tuts 4 you - UnPackMe (.NET)
- Tuts 4 you | unpackme
- The "Ultimate" anti-debugging reference
- Virtual machine obfuscation
- We can still crack you! General unpacking method for Android Packer (NO ROOT)
- When malware is packing heat
- Win32 portable executable packing uncovered
- Writing a packer
- Evading machine learning malware detection
- Gunpack: Un outil générique d'unpacking de malwares
- Unpacking, reversing, patching
- Mach-O file format reference
- Packer detection tool evaluation
- Writing a simple PE packer in detail
- Mach-O - A look at Apple executable files
- Cloak and dagger: Unpacking hidden malware attacks
- The art of memory forensics: Detecting malware and threats in Windows, Linux, and Mac memory
- Cluster analysis
- Clustering algorithms
- A complexity measure
- Cyclomatic complexity density and software maintenance productivity
- Do we need hundreds of classifiers to solve real world classification problems?
- Machine learning
- The Matthews correlation coefficient (MCC) should replace the ROC AUC as the standard metric for assessing binary classification
- NotPacked++: Evading static packing detection
- On the worst-case complexity of timsort
- Packing-box: Breaking detectors & visualizing packing
- Packing-box: Playing with executable packing
- ProtectMyTooling - Don't detect tools, detect techniques
- A survey of dimensionality reduction techniques
- x86 disassembly/Windows executable files
- Feature selection: A data perspective
- Pattern recognition and machine learning (Information science and statistics)
- Packing-box: Improving detection of executable packing
- Awesome LLVM security
- Explained: Packer, crypter, and protector
- MITRE ATT&CK | T1406.002 | obfuscated files or information: Software packing - Mobile
- OllyDbg OEP finder scripts
- Unpacking binary 101
- Unpacking the potential of "Packing box"
- Writing a PE packer
- Dealing with virtualization packers
- Qualitative and quantitative evaluation of software packers
- Standards and policies on packer use
- Practical malware analysis: The hands-on guide to dissecting malicious software
- Armouring the ELF: Binary encryption on the UNIX platform
- Learn symbolic execution and angr
- LIEF: Library to instrument executable formats
- The malware analyst's guide to aPLib decompression
- Packers/Protectors for Linux
- Runtime packers testing experiences
Scientific Research
- Absent extreme learning machine algorithm with application to packed executable identification
- An accurate packer identification method using support vector machine
- Adaptive unpacking of Android Apps
- All-in-one framework for detection, unpacking, and verification for malware analysis
- Analysis of machine learning approaches to packing detection
- Anti-emulation trends in modern packers: A survey on the evolution of anti-emulation techniques in UPA packers
- Anti-unpacker tricks
- Application of string kernel based support vector machine for malware packer identification
- The application research of virtual machine in packers
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- The arms race: Adversarial search defeats entropy used to detect malware
- Automatic static unpacking of malware binaries
- BareUnpack: Generic unpacking on the bare-metal operating system
- BinStat tool for recognition of packed executables
- BitBlaze: A new approach to computer security via binary analysis
- Boosting scalability in anomaly-based packed executable filtering
- ByteWise: A case study in neural network obfuscation identification
- Challenging anti-virus through evolutionary malware obfuscation
- Classification of packed executables for accurate computer virus detection
- Classifying packed malware represented as control flow graphs using deep graph convolutional neural network
- Classifying packed programs as malicious software detected
- A comparative analysis of classifiers in the recognition of packed executables
- A comparative analysis of software protection schemes
- Comparing malware samples for unpacking: A feasibility study
- Computational-intelligence techniques for malware generation
- A consistently-executing graph-based approach for malware packer identification
- A control flow graph-based signature for packer identification
- Countering entropy measure attacks on packed software detection
- Dealing with virtualization packers
- Denial-of-service attacks on host-based generic unpackers
- Deobfuscation of packed and virtualization-obfuscation protected binaries
- Design and development of a new scanning core engine for malware detection
- Design and performance evaluation of binary code packing for protecting embedded software against reverse engineering
- Detecting packed executable file: Supervised or anomaly detection method?
- Detecting packed executables based on raw binary data
- Detecting packed executables using steganalysis
- Detecting packed PE files: Executable file analysis for the Windows operating system
- Detecting traditional packers, decisively
- Detection of metamorphic malware packers using multilayered LSTM networks
- Detection of packed executables using support vector machines
- DexHunter: Toward extracting hidden code from packed Android applications
- Disabling anti-debugging techniques for unpacking system in user-level debugger
- Dynamic binary instrumentation for deobfuscation and unpacking
- Dynamic classification of packing algorithms for inspecting executables using entropy analysis
- Effective, efficient, and robust packing detection and classification
- Efficient and automatic instrumentation for packed binaries
- Efficient automatic original entry point detection
- An efficient block-discriminant identification of packed malware
- Efficient malware packer identification using support vector machines with spectrum kernel