awesome-executable-packing
A curated list of awesome resources related to executable packing
https://github.com/packing-box/awesome-executable-packing
:package: Packers
Between 2000 and 2010
- ACProtect - Application that protects Windows executable files against piracy, using RSA to create and verify the registration keys and unlock code.
- AHPack - PE and PE+ file packer.
- Application Protector - Tool for protecting Windows applications.
- AT4RE Protector - Very simple PE files protector programmed in ASM.
- AverCryptor - Small and very handy utility designed to encrypt notes in which you can store any private information - it helps to hide your infection from antiviruses.
- BurnEye - Burneye ELF encryption program, x86-linux binary.
- ByteBoozer - Commodore 64 executable packer.
- CryptExec - Next-generation runtime binary encryption using on-demand function extraction.
- EXE Guarder - Licensing tool for PE files that can compress them and specify a password notice.
- EXE Wrapper - Protects any EXE file with a password from non-authorized execution.
- Exe32Pack - Compresses Win32 EXEs, DLLs, etc. and dynamically expands them upon execution.
- EXECryptor - Protects EXE programs from reverse engineering, analysis, modifications and cracking.
- ExeFog - Simple Win32 PE files packer.
- eXPressor - Used as a compressor this tool can compress EXE files to half their normal size.
- FSG - *Fast Small Good*, perfect compressor for small exes, eg.
- GHF Protector - Executable packer / protector based on open source engines Morphine and AHPack.
- Kkrunchy - Kkrunchy is a small exe packer primarily meant for 64k intros.
- mPack - Mario PACKer ; simple Win32 PE executable compressor.
- NSPack - 32/64-bits exe, dll, ocx, scr Windows program compressor.
- NTPacker - PE file packer relying on aPlib for compression and/or XOR for encryption.
- PECompact - Windows executable compressor featuring third-party plug-ins offering protection against reverse engineering.
- RDMC - DMC algorithm based packer.
- RLPack - Compresses your executables and dynamic link libraries in a way that keeps them small and has no effect on compressed file functionality.
- Sentinel HASP Envelope - Wrapping application that protects the target application with a secure shield, providing a means to counteract reverse engineering and other anti-debugging measures.
- sePACKER - Simple Executable Packer compresses an executable's code section in order to decrease the size of binary files.
- Shiva - Shiva is a tool to encrypt ELF executables under Linux.
- tElock - Practical tool that intends to help developers who want to protect their work and reduce the size of the executable files.
- TTProtect - Professional protection tool designed for software developers to protect their PE applications against illegal modification or decompilation.
- UPack - Compresses Windows PE file.
- WinUpack - Graphical interface for Upack, a command-line program used to create self-extracting archives from Windows PE files.
- XComp - PE32 image file packer and rebuilder.
- Yoda Crypter - Supports polymorphic encryption, SoftICE detection, anti-debug APIs, anti-dumping, etc., encrypts the Import Table and erases the PE header.
- Yoda Protector - Free, open source, Windows 32-bit software protector.
- Laturi - Linker and compressor intended to be used for macOS 1k, 4k and perhaps 64K intros.
- x86.Virtualizer - x86 Virtualizer.
- RUCC - ROSE Ultra COM Compressor ; COM and EXE compression utility based on 624.
- UPX-Scrambler - Scrambler for files packed with UPX (up to 1.06) so that they cannot be unpacked with the '-d' option.
- BurnEye - ELF encryption program, x86-linux binary.
- Shiva - Tool to encrypt ELF executables under Linux.
- cryptelf - Modifies binary by appending code to handle runtime decryption, changing the program EP and changing the .note segment to LOAD ; encrypts the .text section by XORing its bytes with a key.
:wrench: Tools
Before 2000
- aPLib - Compression library based on the algorithm used in aPACK.
- Assiste (Packer) - Assiste.com's example list of packers.
- BitBlaze - Analysis platform that features a novel fusion of static and dynamic analysis techniques, mixed concrete and symbolic execution, and whole-system emulation and binary instrumentation, all to facilitate state-of-the-art research on real security problems.
- Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
- CFF Explorer - PE32/64 and .NET editor, part of the Explorer Suite.
- ChkEXE - Identifies almost any EXE/COM packer, crypter or protector.
- Clamscan Unpacker - Unpacker derived from ClamAV.
- DIE - Detect It Easy ; Program for determining types of files.
- DynamoRIO - Runtime code manipulation system that supports code transformations on any part of a program, while it executes.
- Emulator - Symantec Endpoint Protector (from v14) capability to create a virtual machine on the fly to identify, detonate, and eliminate malware hiding inside custom malware packers.
- EtherUnpack - Precision universal automated unpacker (successor of PolyUnpack).
- Eureka - Binary static analysis preparation framework implementing a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing.
- EXETools - Forum for reverse engineering and executable packing related topics.
- GetTyp - File format detection program for DOS based on special strings and byte code.
- GUnpacker - Shell tool that performs OEP positioning and dumps decrypted code.
- ImpREC - This can be used to repair the import table for packed programs.
- Justin - Just-In-Time AV scanning ; generic unpacking solution.
- Language 2000 - Ultimate compiler detection utility.
- LordPE - PE header viewer, editor and rebuilder.
- MRC - (Mandiant Red Curtain) Free software for Incident Responders that assists with the analysis of malware ; it examines executable files (e.g., .exe, .dll, and so on) to determine how suspicious they are based on a set of criteria.
- OEPdet - Automated original-entry-point detector.
- PackerBreaker - Tool for helping unpack, decompress and decrypt most of the programs packed, compressed or encrypted using advanced emulation technology.
- Pandora's Bochs - Extension to the Bochs PC emulator to enable it to monitor execution of the unpacking stubs for extracting the original code.
- PCjs - PCjs uses JavaScript to recreate the IBM PC experience, using original ROMs, CPUs running at their original speeds, and early IBM video cards and monitors.
- PE Compression Test - List of packers tested on a few sample executables for comparing compressed sizes.
- PE Detective - This GUI tool can scan single PE files or entire directories (also recursively) and generate complete reports.
- PEdump - Dump Windows PE files using Ruby.
- Pefeats - Utility for extracting 119 features from a PE file for use with machine learning algorithms.
- PEiD - Packed Executable iDentifier.
- PEscan - CLI tool to scan PE files to identify how they were constructed.
- PEview - Provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files.
- PExplorer - Most feature-packed program for inspecting the inner workings of your own software, and more importantly, third party Windows applications and libraries for which you do not have source code.
- Pin - Dynamic binary instrumentation framework for the IA-32, x86-64 and MIC instruction-set architectures that enables the creation of dynamic program analysis tools.
- PROTECTiON iD - PE file signature-based scanner.
- Quick Unpack - Generic unpacker that facilitates the unpacking process.
- RDG Packer Detector - Packer detection tool.
- REMnux - Linux toolkit for reverse-engineering and analyzing malicious software.
- ResourceHacker - Resource editor for 32bit and 64bit Windows applications.
- RTD - Rose Patch - TinyProt/Rosetiny Unpacker.
- RUPP - ROSE SWE UnPaCKER PaCKaGE (for DOS executables only).
- StudPE - PE viewer and editor (32/64 bit).
- SymPack - Safe, portable, largely effective but not generic library for packing detection and unpacking ; part of the Norton Antivirus solution.
- Titanium Platform - Machine learning hybrid cloud platform that harvests thousands of file types at scale, speeds threat detection through machine learning binary analysis, and continuously monitors an index of over 10B files for future threats.
- TrID - Utility for identifying file types from their binary signatures.
- Tuts 4 You - Non-commercial, independent community dedicated to the sharing of knowledge and information on reverse code engineering.
- UnpacMe - Automated malware unpacking service.
- Unpckarc - Packed executables detection tool relying on several heuristics.
- UU - Universal Unpacker.
- Uundo - Universal Undo - Universal Unpacker.
- Uunp (IDA Pro plugin) - IDA Pro debugger plug-in module automating the analysis and unpacking of packed binaries.
- UUP - Universal exe-file UnPacker.
- VMUnpacker - Unpacker based on the technology of virtual machine.
- Defacto2 Packers Archive - Collection of 460 binary and data file packers for MS-DOS and Windows32 from the 1990s and 2000s.
- OmniUnpack - New technique for fast, generic, and safe unpacking of malware by monitoring the execution in real-time and detecting the removed layers of packing.
- REMINDer - Packing detection tool based on the entropy value of the entry point section and the WRITE attribute.
- ProTools - Programmer's Tools, a web site dedicated to all kinds of tools and utilities for the true WinBloze programmer, including packers, crypters, etc.
- Defacto2 Analyzers Archive - Collection of 60 binary files analysers for MS-DOS and Windows32 from the 1990s and the 2000s.
- Defacto2 Unpackers Archive - Collection of 152 binary files unpackers for MS-DOS and Windows 32 from the 1990s and 2000s.
- ExeScan - Executable file analyzer which detects the most famous EXE/COM Protectors, Packers, Converters and compilers.
- Android Unpacker - Presented at Defcon 22: Android Hacker Protection Level 0.
- Angr - Platform-agnostic binary analysis framework.
- APKiD - Android application Identifier for packers, protectors, obfuscators and oddities - PEiD for Android.
- AppSpear - Universal and automated unpacking system suitable for both Dalvik and ART.
- AVClass - Python tools to tag / label malware samples.
- Bintropy - Prototype analysis tool that estimates the likelihood that a binary file contains compressed or encrypted bytes.
- BinUnpack - Unpacking approach free from tedious memory access monitoring, therefore introducing very small runtime overhead.
- Capa - Open-source tool to identify capabilities in PE, ELF or .NET executable files.
- Cave-Finder - Tool to find code caves in a PE image (x86 / x64) - Find empty space to place code in PE files.
- de4js - JavaScript Deobfuscator and Unpacker.
- DSFF - DataSet File Format for exchanging datasets and converting to ARFF (for use with Weka), CSV or Packing-Box's dataset structure.
- EXEInfo-PE - Fast detector for executable PE files.
- FUU - Fast Universal Unpacker.
- Gym-Malware - This is a malware manipulation environment for OpenAI's gym.
- IDR - Interactive Delphi Reconstructor.
- LIEF - Library to Instrument Executable Formats ; Python package for parsing PE, ELF, Mach-O and DEX formats, modifying and rebuilding executables.
- Malheur - Tool for the automatic analysis of malware behavior (recorded from malicious software in a sandbox environment).
- MalUnpack - Dynamic unpacker based on PE-sieve.
- Manalyze - Robust parser for PE files with a flexible plugin architecture which allows users to statically analyze files in-depth.
- .NET Deobfuscator - List of .NET Deobfuscators and Unpackers.
- NotPacked++ - Attack tool for altering packed samples so that they evade static packing detection.
- Oedipus - A Python framework that uses machine learning algorithms to implement the metadata recovery attack against obfuscated programs.
- OllyDbg Scripts - Collection of OllyDbg scripts for unpacking many different packers.
- PackerAttacker - Tool that uses memory and code hooks to detect packers.
- PackerGrind - Adaptive unpacking tool for tracking packing behaviors and unpacking Android packed apps.
- PackerID - Fork of packerid.py using PEid signatures and featuring additional output types, formats, digital signature extraction, and disassembly support.
- PackID - Packer identification multiplatform tool/library using the same database syntax as PEiD.
- Packing-Box - Docker image gathering many packing-related tools and for making datasets of packed executables for use with machine learning.
- PANDA - Platform for Architecture-Neutral Dynamic Analysis.
- PE-bear - Freeware reversing tool for PE files aimed to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.
- Pefile - Multi-platform Python module to parse and work with Portable Executable files.
- PEFrame - Tool for performing static analysis on PE malware and generic suspicious files.
- PEiD (CLI) - Python implementation of PEiD featuring an additional tool for making new signatures.
- PEiD (yara) - Yet another implementation of PEiD with yara.
- PeLib - PE file manipulation library.
- PEPack - PE file packer detection tool, part of the Unix package "pev".
- PETools - Old-school reverse engineering tool (with a long history since 2002) for manipulating PE files.
- PINdemonium - Unpacker for PE files exploiting the capabilities of PIN.
- PolyUnpack - Implementation attempt of the general approach for extracting the original hidden code of PE files without any heuristic assumptions.
- PyPackerDetect - Small Python script/library to detect whether an executable is packed.
- PyPackerDetect (refactored) - A complete refactoring of the original project to a Python package with a console script to detect whether an executable is packed.
- PyPeid - Yet another implementation of PEiD with yara-python.
- Reko - Free decompiler for machine code binaries.
- Renovo - Detection tool built on top of TEMU (dynamic analysis component of BitBlaze) based on the execution of newly-generated code and monitoring memory writes after the program starts.
- RetDec - Retargetable machine-code decompiler based on LLVM.
- SecML Malware - Create adversarial attacks against machine learning Windows malware detectors.
- ShowStopper - Tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
- Triton - Dynamic binary analysis library.
- Unipacker - Automatic and platform-independent unpacker for Windows binaries based on emulation.
- VMHunt - Set of tools for analyzing virtualized binary code ; now only supports 32 bit traces.
- Winbindex - An index of Windows binaries, including download links for executables such as EXE, DLL and SYS files.
- yarGen - Generator for YARA rules - The main principle is the creation of yara rules from strings found in malware files while removing all strings that also appear in goodware files.