awesome-executable-packing
A curated list of awesome resources related to executable packing
https://github.com/packing-box/awesome-executable-packing
Literature
Scientific Research
- Generic black-box end-to-end attack against state of the art API call based malware classifiers
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Original entry point detection based on graph similarity
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- RAMBO: Run-Time packer analysis with multiple branch observation
- A survey on run-time packers and mitigation techniques
- All-in-one framework for detection, unpacking, and verification for malware analysis
- Analysis of machine learning approaches to packing detection
- Anti-emulation trends in modern packers: A survey on the evolution of anti-emulation techniques in UPA packers
- Anti-unpacker tricks
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- ByteWise: A case study in neural network obfuscation identification
- Classification of packed executables for accurate computer virus detection
- Dealing with virtualization packers
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- Detection of metamorphic malware packers using multilayered LSTM networks
- DexHunter: Toward extracting hidden code from packed Android applications
- Dynamic binary instrumentation for deobfuscation and unpacking
- Effective, efficient, and robust packing detection and classification
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fast flowgraph based classification system for packed and polymorphic malware on the endhost
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- Hashing-based encryption and anti-debugger support for packing multiple files into single executable
- A heuristics-based static analysis approach for detecting packed PE binaries
- Maitland: Analysis of packed and encrypted malware via paravirtualization extensions
- Mal-flux: Rendering hidden code of packed binary executable
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- Malware makeover: Breaking ML-based static analysis by modifying executable bytes
- On deceiving malware classification with section injection
- On the adoption of anomaly detection for packed executable filtering
- Packer analysis report debugging and unpacking the NsPack 3.4 and 3.7 packer
- Packer identification using byte plot and Markov plot
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- PEzoNG: Advanced packer for automated evasion on Windows
- Preprocessing of binary executable files towards retargetable decompilation
- Qualitative and quantitative evaluation of software packers
- REFORM: A framework for malware packer analysis using information theory and statistical methods
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- Standards and policies on packer use
- Static malware detection & subterfuge: Quantifying the robustness of machine learning and current anti-virus
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- WaveAtlas: Surfing through the landscape of current malware packers
- SoK: Automatic deobfuscation of virtualization-protected applications
- Static analysis of executables to detect malicious patterns
- A survey on machine learning-based detection and classification technology of malware
- Syntia: Synthesizing the semantics of obfuscated code
- Toward generic unpacking techniques for malware analysis with quantification of code revelation
- Towards static analysis of virtualization-obfuscated binaries
- Tutorial: An overview of malware detection and evasion techniques
- Unconditional self-modifying code elimination with dynamic compiler optimizations
- Watermarking, tamper-proofing, and obfuscation - Tools for software protection
- Packer classification based on association rule mining
- Sequential opcode embedding-based malware detection method
- Symbolic deobfuscation: From virtualized code back to the original
- Unpacking malware in the real world: A step-by-step guide
- VABox: A virtualization-based analysis framework of virtualization-obfuscated packed executables
- Assessing the impact of packing on machine learning-based malware detection and classification systems
- Automatic generation of adversarial examples for interpreting malware classifiers
- Bypassing anti-analysis of commercial protector methods using DBI tools
- Chosen-instruction attack against commercial code virtualization obfuscators
- Collective classification for packed executable identification
- A comprehensive solution for obfuscation detection and removal based on comparative analysis of deobfuscation tools
- Construction and evaluation of the new heuristic malware detection mechanism based on executable files static analysis
- Detecting packed executables based on raw binary data
- Detection of packed executables using support vector machines
- Detection of packed malware
- Evading packing detection: Breaking heuristic-based static detectors
- Experimental toolkit for manipulating executable packing
- Generic unpacking of self-modifying, aggressive, packed binary programs
- Malware obfuscation through evolutionary packers
- Malwise - An effective and efficient classification system for packed and polymorphic malware
- MetaAware: Identifying metamorphic malware
- MSG: Missing-sequence generator for metamorphic malware detection
- MutantX-S: Scalable malware clustering based on static features
- On evaluating adversarial robustness
- On the feasibility of malware unpacking via hardware-assisted loop profiling
- Opcodes as predictor for malware
- PE-Probe: Leveraging packer detection and structural information to detect malicious portable executables
- 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes
- Assessing static and dynamic features for packing detection
- Highlighting the impact of packed executable alterations with unsupervised learning
- A machine-learning-based framework for supporting malware detection and analysis
- Static analysis method on portable executable files for REMNUX based malware identification
- The application research of virtual machine in packers
- Boosting scalability in anomaly-based packed executable filtering
- A close look at a daily dataset of malware samples
- Detecting packed PE files: Executable file analysis for the Windows operating system
- Encoded executable file detection technique via executable file header analysis
- Enhancing machine learning based malware detection model by reinforcement learning
- Fast and robust fixed-point algorithms for independent component analysis
- Generic unpacker of executable files
- RePEF — A system for restoring packed executable file for malware analysis
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Detecting traditional packers, decisively
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using byte plot and Markov plot
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Detecting traditional packers, decisively
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Detecting traditional packers, decisively
- Experimental toolkit for manipulating executable packing
- Generic black-box end-to-end attack against state of the art API call based malware classifiers
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- Packer identification using byte plot and Markov plot
- PEzoNG: Advanced packer for automated evasion on Windows
- A survey on run-time packers and mitigation techniques
- Symbolic deobfuscation: From virtualized code back to the original
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Efficient automatic original entry point detection
- An efficient block-discriminant identification of packed malware
- Efficient SVM based packer identification with binary diffing measures
- Evading packing detection: Breaking heuristic-based static detectors
- Exploring adversarial examples in malware detection
- Generic unpacking techniques
- Hashing-based encryption and anti-debugger support for packing multiple files into single executable
- Highlighting the impact of packed executable alterations with unsupervised learning
- Malware detection through opcode sequence analysis using machine learning
- MSG: Missing-sequence generator for metamorphic malware detection
- Preprocessing of binary executable files towards retargetable decompilation
- Renovo: A hidden code extractor for packed executables
- Sequential opcode embedding-based malware detection method
- A survey on malware analysis techniques: Static, dynamic, hybrid and memory analysis
- Assessing static and dynamic features for packing detection
- Unpacking malware in the real world: A step-by-step guide
- VABox: A virtualization-based analysis framework of virtualization-obfuscated packed executables
- Packed PE file detection for malware forensics
- MaliCage: A packed malware family classification framework based on DNN and GAN
- Packer classification based on association rule mining
- An application of machine learning to analysis of packed mac malware
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- A fine-grained classification approach for the packed malicious code
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Detecting traditional packers, decisively
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Detecting traditional packers, decisively
- Entropy analysis to classify unknown packing algorithms for malware detection
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- On the (Im)possibility of obfuscating programs
- Packer identification using byte plot and Markov plot
- A survey on run-time packers and mitigation techniques
- 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes
- Anti-emulation trends in modern packers: A survey on the evolution of anti-emulation techniques in UPA packers
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Assessing static and dynamic features for packing detection
- BitBlaze: A new approach to computer security via binary analysis
- 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using byte plot and Markov plot
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Pattern recognition techniques for the classification of malware packers
- Packer identification using hidden Markov model
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- Research of software information hiding algorithm based on packing technology
- RAMBO: Run-Time packer analysis with multiple branch observation
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Detecting traditional packers, decisively
- Experimental toolkit for manipulating executable packing
- Generic black-box end-to-end attack against state of the art API call based malware classifiers
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- Packer identification using byte plot and Markov plot
- PEzoNG: Advanced packer for automated evasion on Windows
- A survey on run-time packers and mitigation techniques
- Symbolic deobfuscation: From virtualized code back to the original
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using byte plot and Markov plot
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Detecting traditional packers, decisively
- Experimental toolkit for manipulating executable packing
- Generic black-box end-to-end attack against state of the art API call based malware classifiers
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- Packer identification using byte plot and Markov plot
- PEzoNG: Advanced packer for automated evasion on Windows
- A survey on run-time packers and mitigation techniques
- Symbolic deobfuscation: From virtualized code back to the original
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- Packer identification using byte plot and Markov plot
- Packer identification using hidden Markov model
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- Pattern recognition techniques for the classification of malware packers
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- RAMBO: Run-Time packer analysis with multiple branch observation
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Experimental toolkit for manipulating executable packing
- A fine-grained classification approach for the packed malicious code
- Generic black-box end-to-end attack against state of the art API call based malware classifiers
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using byte plot and Markov plot
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- PEAL - Packed executable analysis
- PEzoNG: Advanced packer for automated evasion on Windows
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- PE-Miner: Mining structural information to detect malicious executables in realtime
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- Symbolic deobfuscation: From virtualized code back to the original
- 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes
- Experimental toolkit for manipulating executable packing
- Generic black-box end-to-end attack against state of the art API call based malware classifiers
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Detecting traditional packers, decisively
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- Packer identification using byte plot and Markov plot
- PEzoNG: Advanced packer for automated evasion on Windows
- A survey on run-time packers and mitigation techniques
- Symbolic deobfuscation: From virtualized code back to the original
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using byte plot and Markov plot
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using byte plot and Markov plot
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using byte plot and Markov plot
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using byte plot and Markov plot
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using byte plot and Markov plot
- Packer identification using hidden Markov model
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- Pattern recognition techniques for the classification of malware packers
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- BitBlaze: A new approach to computer security via binary analysis
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Denial-of-service attacks on host-based generic unpackers
- Detecting traditional packers, decisively
- DexHunter: Toward extracting hidden code from packed Android applications
- Efficient and automatic instrumentation for packed binaries
- Entropy analysis to classify unknown packing algorithms for malware detection
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-xtract: Hidden code extraction using memory analysis
- On the (Im)possibility of obfuscating programs
- OPEM: A static-dynamic approach for machine-learning-based malware detection
- Packer identification using byte plot and Markov plot
- Packer identification using hidden Markov model
- Pattern recognition techniques for the classification of malware packers
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- RAMBO: Run-Time packer analysis with multiple branch observation
- Research of software information hiding algorithm based on packing technology
- Semi-supervised learning for unknown malware detection
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- A survey on run-time packers and mitigation techniques
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- Generic black-box end-to-end attack against state of the art API call based malware classifiers
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- Highlighting the impact of packed executable alterations with unsupervised learning
- Unpacking malware in the real world: A step-by-step guide
- VABox: A virtualization-based analysis framework of virtualization-obfuscated packed executables
- 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes
- Advanced preprocessing of binary executable files and its usage in retargetable decompilation
- Certified robustness of static deep learning-based malware detectors against patch and append attacks
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- PEzoNG: Advanced packer for automated evasion on Windows
- Experimental toolkit for manipulating executable packing
- Symbolic deobfuscation: From virtualized code back to the original
- Assessing static and dynamic features for packing detection
- Evading packing detection: Breaking heuristic-based static detectors
- Feature selection for packer classification based on association rule mining
- Automated static analysis of virtual-machine packers
- Control flow-based opcode behavior analysis for malware detection
- Detecting unknown malicious code by applying classification techniques on opcode patterns
- An efficient algorithm to extract control flow-based features for IoT malware detection
- Design and development of a new scanning core engine for malware detection
- Adversarial attacks against Windows PE malware detection: A survey of the state-of-the-art
- A survey on malware analysis techniques: Static, dynamic, hybrid and memory analysis
- A survey on run-time packers and mitigation techniques
- Symbolic deobfuscation: From virtualized code back to the original
- AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware
- BitBlaze: A new approach to computer security via binary analysis
- Assessing static and dynamic features for packing detection
- Detecting unknown malicious code by applying classification techniques on opcode patterns
- Absent extreme learning machine algorithm with application to packed executable identification
- Adversarial EXEmples: A survey and experimental evaluation of practical attacks on machine learning for Windows malware detection
- Complexity-based packed executable classification with high accuracy
- DroidPDF: The obfuscation resilient packer detection framework for Android Apps
- Dynamic classification of packing algorithms for inspecting executables using entropy analysis
- A dynamic heuristic method for detecting packed malware using naive bayes
- Packing detection and classification relying on machine learning to stop malware propagation
- Pandora's Bochs: Automatic unpacking of malware
- PE file features in detection of packed executables
- PE file header analysis-based packed PE file detection technique (PHAD)
- Research and implementation of compression shell unpacking technology for PE file
- Research of software information hiding algorithm based on packing technology
- Robust static analysis of portable executable malware
- Semi-supervised learning for unknown malware detection
- Source-free binary mutation for offense and defense
- Static features exploration for executable packing with unsupervised learning
- A static, packer-agnostic filter to detect similar malware samples
- A study of the packer problem and its solutions
- A token strengthened encryption packer to prevent reverse engineering PE files
- Unpacking malware in the real world: A step-by-step guide
- UnThemida: Commercial obfuscation technique analysis with a fully obfuscated program
- Using entropy analysis to find encrypted and packed malware
- VABox: A virtualization-based analysis framework of virtualization-obfuscated packed executables
- Building a malware mutation tool
- Evading packing detection: Breaking heuristic-based static detectors
- A fine-grained classification approach for the packed malicious code
- Generic unpacking method based on detecting original entry point
- Highlighting the impact of packed executable alterations with unsupervised learning
- A machine-learning-based framework for supporting malware detection and analysis
- A consistently-executing graph-based approach for malware packer identification
- Decoding the secrets of machine learning in malware classification: A deep dive into datasets, feature extraction, and model performance
- Disabling anti-debugging techniques for unpacking system in user-level debugger
- G3MD: Mining frequent opcode sub-graphs for metamorphic malware detection of existing families
- A heuristic approach for detection of obfuscated malware
- An improved method for packed malware detection using PE header and section table information
- A learning model to detect maliciousness of portable executable using integrated feature set
- Maitland: Analysis of packed and encrypted malware via paravirtualization extensions
- Malware analysis using multiple API sequence mining control flow graph
- Malware family classification method based on static feature extraction
- Malware images: Visualization and automatic classification
- Singular value decomposition and metamorphic detection
- SMASH: A malware detection method based on multi-feature ensemble learning
- Unsupervised clustering machine learning on packed executable
- Revealing packed malware
- Ether: Malware analysis via hardware virtualization extensions
- Eureka: A framework for enabling static malware analysis
- Experimental comparison of machine learning models in malware packing detection
- Fileprints: Identifying file types by n-gram analysis
- Advanced preprocessing of binary executable files and its usage in retargetable decompilation
- Adaptive unpacking of Android Apps
- Advanced feature engineering for static detection of executable packing
- A comparative analysis of classifiers in the recognition of packed executables
- A comparative analysis of software protection schemes
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- SATURN - Software deobfuscation framework based on LLVM
- Sensitive system calls based packed malware variants detection using principal component initialized multilayers neural networks
- Adversarially robust assembly language model for packed executables detection
- API-MalDetect: Automated malware detection framework for Windows based on API calls and deep learning techniques
- Automatic analysis of malware behavior using machine learning
- Benchmark for filter methods for feature selection in high-dimensional classification data
- Beyond the sandbox: Leveraging symbolic execution for evasive malware classification
- BODMAS: An open dataset for learning based temporal analysis of PE malware
- Building high-quality datasets of packed executables - Enhancing static detection models via curated packed binary datasets
- Bypassing heaven’s gate technique using black-box testing
- BYTEWEIGHT: Learning to recognize functions in binary code
- Challenging anti-virus through evolutionary malware obfuscation
- Classification of malware by using structural entropy on convolutional neural networks
- Deobfuscation of packed and virtualization-obfuscation protected binaries
- Deobfuscation of virtualization-obfuscated code through symbolic execution and compilation optimization
- Deobfuscation of virtualization-obfuscated software: A semantics-based approach
- Efficient malware packer identification using support vector machines with spectrum kernel
- ELF-Miner: Using structural knowledge and data mining methods to detect new (Linux) malicious executables
- EMBER: An open dataset for training static PE malware machine learning models
- An empirical evaluation of an unpacking method implemented with dynamic binary instrumentation
- ERMDS: A obfuscation dataset for evaluating robustness of learning-based malware detection system
- ESCAPE: Entropy score analysis of packed executable
- Feature selection for malware detection based on reinforcement learning
- Feature set reduction for the detection of packed executables
- File packing from the malware perspective: Techniques, analysis approaches, and directions for enhancements
- A generic approach to automatic deobfuscation of executable code
- Generic packing detection using several complexity analysis for accurate malware detection
- Identifying malware packers through multilayer feature engineering in static analysis
- An implementation of a generic unpacking method on Bochs Emulator
- Improving malware detection using multi-view ensemble learning
- Incremental clustering of malware packers using features based on transformed CFG
- Information theoretic method for classification of packed and encoded files
- Metadata recovery from obfuscated programs using machine learning
- The new signature generation method based on an unpacking algorithm and procedure for a packer detection
- Novel feature extraction, selection and fusion for effective malware family classification
- Obfuscation-resilient executable payload extraction from packed malware
- Obfuscation: The hidden malware
- Obfuscation: Where are we in anti-DSE protections? (a first attempt)
- Obfuscator-LLVM: Software protection for the masses
- OmniUnpack: Fast, generic, and safe unpacking of malware
- Packer classifier based on PE header information
- Packer detection for multi-layer executables using entropy analysis
- Replacement attacks against VM-protected applications
- Resurrecting anti-virtualization and anti-debugging: Unhooking your hooks
- Secure and advanced unpacking using computer emulation
- Software protection through anti-debugging
- A survey on adversarial attacks for malware analysis
- A survey on automated dynamic malware-analysis techniques and tools
- Symbolic deobfuscation: From virtualized code back to the original
- A systematical and longitudinal study of evasive behaviors in windows malware
- Understanding Linux malware
- Wavelet decomposition of software entropy reveals symptoms of malicious code
- Xunpack: Cross-Architecture unpacking for Linux IoT malware
- Assessing static and dynamic features for packing detection
- Experimental toolkit for manipulating executable packing
- Evading packing detection: Breaking heuristic-based static detectors
- A machine-learning-based framework for supporting malware detection and analysis
- Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
- Mal-xtract: Hidden code extraction using memory analysis
- A study of the packer problem and its solutions
- Application of string kernel based support vector machine for malware packer identification
- Auditing static machine learning anti-Malware tools against metamorphic attacks
- Certified robustness of static deep learning-based malware detectors against patch and append attacks
- Classifying packed programs as malicious software detected
- Code obfuscation techniques for software protection
- A control flow graph-based signature for packer identification
- Countering entropy measure attacks on packed software detection
- Cryptographic function detection in obfuscated binaries via bit-precise symbolic loop mapping
- Deceiving end-to-end deep learning malware detectors using adversarial examples
- Deceiving portable executable malware classifiers into targeted misclassification with practical adversarial examples
- Detecting packed executables using steganalysis
- Entropy-driven visualization in gview: Unveiling the unknown in binary file formats
- An experimental study on identifying obfuscation techniques in packer
- A framework for metamorphic malware analysis and real-time detection
- A heuristics-based static analysis approach for detecting packed PE binaries
- Longitudinal study of the prevalence of malware evasive techniques
- The MALICIA dataset: Identification and analysis of drive-by download operations
- MLxPack: Investigating the effects of packers on ML-based malware detection systems using static and dynamic traits
- On the (im)possibility of obfuscating programs (2)
- Packer identification based on metadata signature
- PEzoNG: Advanced packer for automated evasion on Windows
- PolyPack: An automated online packing service for optimal antivirus evasion
- RePEconstruct: Reconstructing binaries with self-modifying code and import address table destruction
- SoK: (state of) the art of war: Offensive techniques in binary analysis
- SoK: Deep packer inspection: A longitudinal study of the complexity of run-time packers
- Structural entropy and metamorphic malware
- Technical report on the cleverhans v2.1.0 adversarial examples library
- Things you may not know about Android (Un) packers: A systematic study based on whole-system emulation.
- 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes
- An accurate packer identification method using support vector machine
- Detecting packed executable file: Supervised or anomaly detection method?
- Evading anti-malware engines with deep reinforcement learning
- A fast randomness test that preserves local detail
- Functionality-preserving black-box optimization of adversarial windows malware
- Malware obfuscation techniques: A brief survey
- McBoost: Boosting scalability in malware collection and analysis using statistical classification of executables
- Memory behavior-based automatic malware unpacking in stealth debugging environment
- Modern Linux malware exposed
- Packed code detection using shannon entropy and homomorphic encrypted executables
- Packed malware detection using entropy related analysis: A survey
- Packed malware variants detection using deep belief networks
- Packer identification method based on byte sequences
- Packer identification method for multi-layer executables with k-Nearest neighbor of entropies
- Packer identification using byte plot and Markov plot
- Research and implementation of packing technology for PE files
- Reverse engineering self-modifying code: Unpacker extraction
- Runtime packers testing experiences
- SCORE: Source code optimization & reconstruction
- SE-PAC: A self-evolving packer classifier against rapid packers evolution
- Symbolic execution of obfuscated code
- Adversarial malware binaries: Evading deep learning for malware detection in executables
- Design and performance evaluation of binary code packing for protecting embedded software against reverse engineering
- Detecting obfuscated malware using reduced opcode set and optimised runtime trace
- Detecting packed executables based on raw binary data
- An efficient algorithm to extract control flow-based features for ioT malware detection
- Highlighting the impact of packed executable alterations with unsupervised learning
- Learning to evade static PE machine learning malware models via reinforcement learning
- Limits of static analysis for malware detection
- PE-Miner: Mining structural information to detect malicious executables in realtime
- PEAL - Packed executable analysis
- Advanced preprocessing of binary executable files and its usage in retargetable decompilation
- Adversarial learning on static detection techniques for executable packing
- Adversarial tool for breaking static detection of executable packing
- An application of machine learning to analysis of packed mac malware
- Building a malware mutation tool
- Building a smart and automated tool for packed malware detections using machine learning
- Building high-quality datasets of packed executables - Enhancing static detection models via curated packed binary datasets
- Design and implementation of a modular executable packer - Experimenting with packing techniques and static detection
- Experimental toolkit for studying executable packing - Analysis of the state-of-the-art packing detection techniques
- Feature selection for packer classification based on association rule mining
- MaliCage: A packed malware family classification framework based on DNN and GAN
- Malware detection through opcode sequence analysis using machine learning
- Metamorphic malware detection based on support vector machine classification of malware sub-signatures
- On the adoption of anomaly detection for packed executable filtering
- Preprocessing of binary executable files towards retargetable decompilation
- Source-free binary mutation for offense and defense
- Static features exploration for executable packing with unsupervised learning
- Static malware detection & subterfuge: Quantifying the robustness of machine learning and current anti-virus
- Unpacking malware in the real world: A step-by step guide
- VABox: A virtualization-based analysis framework of virtualization-obfuscated packed executables
- Automatic static unpacking of malware binaries
- Unpacking virtualization obfuscators
- VMAttack: Deobfuscating virtualization-based packed binaries
- VMHunt: A verifiable approach to partially-virtualized binary code simplification
- VMRe: A reverse framework of virtual machine protection packed binaries
- When malware is packin' heat; limits of machine learning classifiers based on static analysis features
- Generating adversarial malware examples for black-box attacks based on GAN
- Generic unpacking using entropy analysis
- Potent and stealthy control flow obfuscation by stack based self-modifying code
- Practical attacks on machine learning: A case study on adversarial windows malware
- Semi-supervised learning for packed executable detection
- SPADE: Signature based packer detection
- Structural feature based anomaly detection for packed executable identification
- The study of evasion of packed PE from static detection
- Survey on malware evasion techniques: State of the art and challenges
- Thwarting real-time dynamic unpacking
- Towards paving the way for large-scale Windows malware analysis: Generic binary unpacking with orders-of-magnitude performance boost
- Transcending transcend: Revisiting malware classification in the presence of concept drift
- Two techniques for detecting packed portable executable files
- Detecting obfuscated viruses using cosine similarity analysis
- Efficient automatic original entry point detection
- EMBER2024 - A benchmark dataset for holistic evaluation of malware classifiers
- Enhanced metamorphic techniques-A case study against havex malware
- An entropy-based distance measure for analyzing and detecting metamorphic malware
- GUARD: Generic API de-obfuscation and obfuscated malware unpacking with sIAT
- Hashing-based encryption and anti-debugger support for packing multiple files into single executable
- Hunting for metamorphic engines
- Measuring and defeating anti-instrumentation-equipped malware
- Metamorphic malware identification using engine-specific patterns based on co-opcode graphs
- Mimicking anti-viruses with machine learning and entropy profiles
- A novel framework for image-based malware detection with a deep neural network
- Performance evaluation of filter-based feature selection techniques in classifying portable executable files
- Program obfuscation by strong cryptography
- Structural analysis of binary executable headers for malware detection optimization
- The arms race: Adversarial search defeats entropy used to detect malware
- Automated static analysis of virtual-machine packers
- BareUnpack: Generic unpacking on the bare-metal operating system
- Binary-code obfuscations in prevalent packer tools
- BinStat tool for recognition of packed executables
- Birds of a feature: Intrafamily clustering for version identification of packed malware
- Classifying packed malware represented as control flow graphs using deep graph convolutional neural network
- A compact multi-step framework for packing identification in portable executable files for malware analysis
- A comparative assessment of malware classification using binary texture analysis and dynamic analysis
- Comparing malware samples for unpacking: A feasibility study
- Conceptual and empirical comparison of dimensionality reduction algorithms (PCA, KPCA, LDA, MDS, SVD, LLE, ISOMAP, LE, ICA, t-SNE)
- Instructions-based detection of sophisticated obfuscation and packing
- Intriguing properties of adversarial ML attacks in the problem space
- Intriguing properties of neural networks
- MAB-Malware: A reinforcement learning framework for attacking static malware classifiers
- Mal-EVE: Static detection model for evasive malware
- Mal-flux: Rendering hidden code of packed binary executable
- Malware analysis using visualized images and entropy graphs
- On deceiving malware classification with section injection
- Opcode sequences as representation of executables for data-mining-based unknown malware detection
- An original entry point detection method with candidate-sorting for more effective generic unpacking
- Packer-complexity analysis in PANDA
- PackGenome: Automatically generating robust YARA rules for accurate malware packer detection
- PackHero: A scalable graph-based approach for efficient packer identification
- Pitfalls in machine learning for computer security
- PolyUnpack: Automating the hidden-code extraction of unpack-executing malware
- Prevalence and impact of low-entropy packing schemes in the malware ecosystem
- REFORM: A framework for malware packer analysis using information theory and statistical methods
- Unknown malcode detection using OPCODE representation
- A unpacking and reconstruction system-agunpacker
- Unpacking framework for packed malicious executables
- Unpacking techniques and tools in malware analysis
- WYSINWYX: What you see is not what you execute
- x64Unpack: Hybrid emulation unpacker for 64-bit Windows Environments and detailed analysis results on VMProtect 3.4
- Adversarial attacks against windows PE malware detection: A survey of the state-of-the-art
- Assessing the impact of packing on machine learning-based malware detection and classification systems
- Computational-intelligence techniques for malware generation
- Decoding the secrets of machine learning in malware classification: A deep dive into datasets, feature extraction, and model performance
-
Documentation
- Anti debugging protection techniques with examples
- a.out (FreeBSD manual pages)
- About anti-debug tricks
- Anti-unpacker tricks - Part 14 (and previous parts)
- Defacto2
- Dynamic binary analysis and obfuscated codes
- elf (FreeBSD manual pages)
- Executable file formats
- FatELF: Universal binaries for Linux (HALTED)
- Implementing your own generic unpacker
- MITRE ATT&CK | T1027.002 | obfuscated files or information: Software packing
- Parsing mach-O files
- TitanMist: Your first step to reversing nirvana
- Writing a packer
- The matthews correlation coefficient (MCC) should replace the ROC AUC as the standard metric for assessing binary classification
- MZ disk operating system (DOS)
- OllyDbg OEP finder scripts
- Packers
- Pattern recognition and machine learning (Information science and statistics)
- PinDemonium: A DBI-based generic unpacker for Windows executables
- Portable executable (PE)
- Win32 portable executable packing uncovered
- Writing a PE packer
- One packer to rule them all: Empirical identification, comparison and circumvention of current antivirus detection techniques
- Writing a simple PE packer in detail
- Packing-box: Playing with executable packing
- ProtectMyTooling - Don't detect tools, detect techniques
- Unpacking, reversing, patching
- Mach-O - A look at apple executable files
- On the worst-case complexity of timsort
- Machine learning
- NotPacked++: Evading static packing detection
- The art of memory forensics: Detecting malware and threats in Windows, Linux, and mac memory
- Cluster analysis
- Comparison of executable file formats
- Executable and linking format (ELF) specification
- Cloak and dagger: Unpacking hidden malware attacks
- COM binary format
- PE format - Win32 apps
- Virtual machine obfuscation
- We can still crack you! General unpacking method for Android Packer (NO ROOT)
- When malware is packing heat
- x86 disassembly/Windows executable files
- MITRE ATT&CK | T1406.002 | obfuscated files or information: Software packing - Mobile
- Unpacking the potential of "Packing box"
- A.out binary format
- Android packers: Separating from the pack
- Packing-box: Improving detection of executable packing
- A survey of dimensionality reduction techniques
- Tuts 4 you - UnPackMe (.NET)
- Tuts 4 you | unpackme
- Awesome LLVM security
- Practical malware analysis: The hands-on guide to dissecting malicious software
- A complexity measure
- Cyclomatic complexity density and software maintenance productivity
- Mach-O file format reference
- Making our own executable packer
- The art of unpacking
- Clustering algorithms
- Evading machine learning malware detection
- Qualitative and quantitative evaluation of software packers
- Reverse engineering malware: Binary obfuscation and protection
- Runtime packers testing experiences
- The "Ultimate" anti-debugging reference
- Unpacking binary 101
- API deobfuscator: Resolving obfuscated API functions in modern packers
- Do we need hundreds of classifiers to solve real world classification problems?
- Entropy and the distinctive signs of packer PE files
- Executable and linkable format (ELF)
- Explained: Packer, crypter, and protector
- Feature selection: A data perspective
- Hyperion: Implementation of a PE-Crypter
- Mach-O internals
- Microsoft portable executable and common object file format specification
- Packer detection tool evaluation
- Runtime packers: The hidden problem?
- Anti-unpacker tricks
- Standards and policies on packer use
- How to use t-SNE effectively
- MITRE ATT&CK | T1027.002 | obfuscated files or information: Software packing - Enterprise
- Packer analysis report debugging and unpacking the NsPack 3.4 and 3.7 packer
- WaveAtlas: Surfing through the landscape of current malware packers
- YARA - The pattern matching swiss knife for malware researchers.
- Gunpack: Un outil générique d'unpacking de malwares
- Armouring the ELF: Binary encryption on the UNIX platform
- Learn symbolic execution and angr
- LIEF: Library to instrument executable formats
- The malware analyst's guide to aPLib decompression
- Packers/Protectors for Linux
- Common object file format (COFF)
- Dealing with virtualization packers
- Packing-box: Breaking detectors & visualizing packing
-
-
:package: Packers
-
Between 2000 and 2010
- BurnEye - Burneye ELF encryption program, x86-linux binary.
- TTProtect - Professional protection tool designed for software developers to protect their PE applications against illegal modification or decompilation.
- 20to4 - Executable compressor that is able to stuff about 20k of finest code and data into less than 4k.
- AverCryptor - Small and very handy utility designed to encrypt notes in which you can store any private information - it helps to hide your infection from antiviruses.
- CryptExec - Next-generation runtime binary encryption using on-demand function extraction.
- EXE Guarder - Licensing tool for PE files allowing to compress and specify a password notice.
- EXE Wrapper - Protects any EXE file with a password from non-authorized execution.
- FSG - *Fast Small Good*, perfect compressor for small exes, eg.
- Kkrunchy - Kkrunchy is a small exe packer primarily meant for 64k intros.
- NSPack - 32/64-bits exe, dll, ocx, scr Windows program compressor.
- PECompact - Windows executable compressor featuring third-party plug-ins offering protection against reverse engineering.
- RLPack - Compresses your executables and dynamic link libraries in a way that keeps them small and has no effect on compressed file functionality.
- Shiva - Shiva is a tool to encrypt ELF executables under Linux.
- XComp - PE32 image file packer and rebuilder.
- Yoda Crypter - Supports polymorphic encryption, softice detection, anti-debug API's, anti-dumping, etc, encrypts the Import Table and erases PE Header.
- Yoda Protector - Free, open source, Windows 32-bit software protector.
- BurnEye - ELF encryption program, x86-linux binary.
- cryptelf - Modifies binary by appending code to handle runtime decryption, changing the program EP and changing the .note segment to LOAD ; encrypts the .text section by XORing its bytes with a key.
- Shiva - Tool to encrypt ELF executables under Linux.
- Laturi - Linker and compressor intended to be used for macOS 1k, 4k and perhaps 64K intros.
- RUCC - ROSE Ultra COM Compressor ; COM and EXE compression utility based on 624.
- UPX-Scrambler - Scrambler for files packed with UPX (up to 1.06) so that they cannot be unpacked with the '-d' option.
- x86.Virtualizer - x86 Virtualizer.
- sePACKER - Simple Executable Packer that compresses the code section of executables in order to decrease the size of binary files.
- ByteBoozer - Commodore 64 executable packer.
- Sentinel HASP Envelope - Wrapping application that protects the target application with a secure shield, providing a means to counteract reverse engineering and other anti-debugging measures.
- AT4RE Protector - Very simple PE files protector programmed in ASM.
- Exe32Pack - Compresses Win32 EXEs, DLLs, etc and dynamically expands them upon execution.
- EXECryptor - Protects EXE programs from reverse engineering, analysis, modifications and cracking.
- ExeFog - Simple Win32 PE files packer.
- eXPressor - Used as a compressor this tool can compress EXE files to half their normal size.
- GHF Protector - Executable packer / protector based on open source engines Morphine and AHPack.
- mPack - Mario PACKer, simple Win32 PE executable compressor.
- NTPacker - PE file packer relying on aPlib for compression and/or XOR for encryption.
- UPack - Compresses Windows PE file.
- HackStop - EXE and COM programs encrypter and protector.
- Kkrunchy - Small exe packer primarily meant for 64k intros.
- RSCC - ROSE Super COM Crypt ; polymorph cryptor for files greater than 300-400B and smaller than 60kB.
- RDMC - DMC algorithm based packer.
- tElock - Practical tool that intends to help developers who want to protect their work and reduce the size of the executable files.
- ACProtect - Application that allows to protect Windows executable files against piracy, using RSA to create and verify the registration keys and unlock code.
- AHPack - PE and PE+ file packer.
- Application Protector - Tool for protecting Windows applications.
- WinUpack - Graphical interface for Upack, a command-line program used to create self-extracting archives from Windows PE files.
-
After 2010
- Alienyze - Advanced software protection and security for Windows 32-bit executables.
- Andromeda - Custom packer used in malware campaigns using RunPE techniques for evading AV mitigation methods.
- APKProtect - APK encryption and shell protection supporting Java and C++.
- Armadillo - Incorporates both a license manager and wrapper system for protecting PE files.
- ASPack - Advanced solution created to provide Win32 EXE file packing and to protect them against non-professional reverse engineering.
- ASProtect 32 - Multifunctional EXE packing tool designed for software developers to protect 32-bit applications with in-built application copy protection system.
- ASProtect 64 - Tool for protecting 64-bit applications and .NET applications for Windows against unauthorized use, industrial and home copying, professional hacking and analysis of software products distributed over the Internet and on any physical media.
- BIN-crypter - EXE protection software against crackers and decompilers.
- BoxedApp Packer
- DexGuard - Android app obfuscation & security protocols for mobile app protection.
- ElecKey - Suite of software and tools that offer a complete solution for software protection, copy protection, and license management.
- Enigma Protector - Professional system for executable files licensing and protection.
- EXE Stealth - Anti-cracking protection and licensing tool for PE files featuring compression and encryption polymorphic technology.
- GzExe - Utility that allows to compress executables as a shell script.
- LIAPP - Easiest and most powerful mobile app security solution.
- LM-X License Manager - LM-X License Manager lets you protect your products against piracy by enforcing various levels of security, save time, and reduce business risks.
- NPack - Can compress 32bits and 64bits exe, dll, ocx, scr Windows program.
- Obsidium - Feature-rich professional software protection and licensing system designed as a cost effective and easy to implement, yet reliable and non-invasive way to protect your 32- and 64-bit Windows software applications and games from reverse engineering.
- PELock - Software protection system for Windows executable files ; protects your applications from tampering and reverse engineering, and provides extensive support for software license key management, including support for time trial periods.
- RapidEXE - Simple and efficient way to convert a PHP/Python script to a standalone executable.
- Smart Packer - Packs 32 & 64bit applications with DLLs, data files, 3rd party run-time into one single executable that runs instantly, with no installs or hassles.
- Squishy - Modern packer developed for 64kb demoscene productions, targets 32bit and 64bit executables.
- ZProtect - Renames metadata entities and supports advanced obfuscation methods that harden protection scheme and foil reverse engineering altogether.
- Amber - Position-independent (reflective) PE loader that enables in-memory execution of native PE files (EXE, DLL, SYS).
- Themida - From Renovo paper: Themida converts the original x86 instructions into virtual instructions in its own randomized instruction set, and then interpret these virtual instructions at run-time.
- VMProtect - Protects code by executing it on a virtual machine with non-standard architecture that makes it extremely difficult to analyze and crack the software.
- Ward - Simple implementation of an ELF packer that creates stealthy droppers for loading malicious ELFs in-memory.
- Woody Wood Packer - ELF packer - encrypt and inject self-decryption code into executable ELF binary target.
- XyrisPack
- ELFuck - ELF packer for i386 original version from sk2 by sd.
- Pakkero - Binary packer written in Go made for fun and educational purpose.
- PE-Packer - Simple packer for Windows 32-bits PE files.
- PE-Toy - A PE file packer.
- ASM Guard - Packer utility for compressing and complicating reversing compiled native code (native files), protecting resources, adding DRM, and packing into an optimized loader.
- EXE Bundle - Bundles application files into a single PE32 file.
- hXOR-Packer - PE packer with Huffman compression and XOR encryption.
- SimpleDPack - A very simple windows EXE packing tool for learning or investigating PE structure.
- Code Virtualizer - Powerful code obfuscation system for Windows, Linux and macOS applications that helps developers to protect their sensitive code areas against Reverse Engineering with very strong obfuscation code, based on code virtualization.
- Eronona-Packer - This is a packer for exe under win32.
- NetCrypt - A proof-of-concept packer for .NET executables, designed to provide a starting point to explain the basic principles of runtime packing.
- oplzkwp - Library for ELF obfuscation ; it uses PRESENT and blake244 to encrypt your payload on the fly.
- Pakr - In-memory packer for macOS Mach-O bundles.
- PePacker - Simple PE file packer which encrypts the .text section and adds a decryption stub to the end of the last section.
- pocrypt - Naive Proof of Concept Crypter for GNU/Linux ELF64.
- ps2-packer - Create packed ELF files to run on the PS2.
- sherlocked
- theArk - Windows x86 PE Packer In C++.
- UPX - Ultimate Packer for eXecutables.
- ConfuserEx - An open-source, free protector for .NET applications.
- DarkCrypt - Simple and powerful plugin for Total Commander used for file encryption using 100 algorithms and 5 modes.
- DexProtector - Multi-layered RASP solution that secures your Android and iOS apps against static and dynamic analysis, illegal use and tampering.
- DotNetZ - Straightforward and lightweight, command-line piece of software written in C that allows you to compress and pack Microsoft .NET Framework executable files.
- ELF Packer - Encrypts 64-bit elf files that decrypt at runtime.
- ELFCrypt - Simple ELF crypter using RC4 encryption.
- Ezuri - A Simple Linux ELF Runtime Crypter.
- Hyperion
- LM-X License Manager - Lets you protect your products against piracy by enforcing various levels of security, save time, and reduce business risks.
- m0dern_p4cker - Just a modern packer for elf binaries (works on Linux executables only).
- MidgetPack - ELF binary packer, such as burneye, upx or other tools.
- Origami - Packer compressing .net assemblies, (ab)using the PE format for data storage.
- Astral-PE - Low-level mutator (Headers/EP obfuscator) for native Windows PE files (x32/x64).
- AxProtector - Encrypts the complete software you aim to protect, and shields it with a security shell, AxEngine, best-of-breed anti-debugging and anti-disassembly methods are then injected into your software.
- Backpack
- Bero - BEP (Bero EXE Packer) for 32-bit windows executables.
- ELF-Encrypter - Collection of programs to encrypt ELF binaries using various algorithms.
- ELF-Packer - Simple Polymorphic x86_64 Runtime Code Segment Cryptor.
- ELFkickers - A collection of programs that access and manipulate ELF files.
- Enigma Virtual Box - Application virtualization system for Windows.
- .netshrink - Executable compressor for your Windows or Linux .NET application executable file using LZMA.
- Papaw - Permissively-licensed packer for ELF executables using LZMA Zstandard or Deflate compression.
- PEtite - Free Win32 (Windows 95/98/2000/NT/XP/Vista/7/etc) executable (EXE/DLL/etc) compressor.
- VirtualMachineObfuscationPoC - Obfuscation method using virtual machine.
- AutoIT - Legitimate executable encryption service.
- BangCle - Protection tool using the second generation Android Hardening Protection, loading the encrypted DEX file from memory dynamically.
- DotBundle - GUI tool to compress, encrypt and password-protect a .NET application or embed .NET libraries.
- MPRESS - Compresses (using LZMA) and protects PE, .NET or Mach-O programs against reverse engineering.
- OS-X_Packer - Binary packer for the Mach-O file format.
- xorPacker - Simple packer working with all PE files which cipher your exe with a XOR implementation.
- zELF - A modular ELF64 packer for Linux x86_64 featuring 22 compression codecs, ML-based codec selection, and support for both static and PIE binaries.
- Alternate EXE Packer - Compression tool for executable files (type EXE) or DLL's relying on UPX 3.96.
- Crinkler - Compressing linker for Windows, specifically targeted towards executables with a size of just a few kilobytes.
- PEShield - PE-SHiELD is a program, which encrypts 32-bit Windows EXE files, leaving them still executable.
- PESpin
- PEzoNG - Framework for automatically creating stealth binaries that target a very low detection rate in a Windows environment.
- PEzor - Open-Source Shellcode & PE Packer.
- ProtectMyTooling - Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry.
- Silent-Packer - Silent Packer is an ELF / PE packer written in pure C.
- Simple-PE32-Packer - Simple PE32 Packer with aPLib compression library.
-
Before 2000
- 32Lite - Compression tool for executable files created with Watcom C/C++ compiler.
- 624 - COM packer that can compress COM programs shorter than 25000 bytes.
- aPack - 16-bit real-mode DOS executable (.EXE and .COM) compressor.
- AVPack - Encrypts EXE or COM files so that they'll be able to start on your PC only.
- AXE - Program compression utility.
- CauseWay Compressor - DOS EXE compressor.
- CEXE - Compresses an input EXE into a smaller executable (only runs on WinNT, Win2000 and above - won't run on Win95 or Win98).
- EPack - EXE and COM file compressor ; works with DOS/Windows95 files.
- Fire-Pack
- LGLZ - DOS EXE and COM file compressor using modified LZ77.
- Megalite - MS-DOS executable file compressor.
- Morphine - Application for PE files encryption.
- Neolite - Compresses Windows 32-bit EXE files and DLLs.
- PACK - Executable files compressor.
- Pack-Ice
- PCShrink - Windows 9x/NT executable file compressor relying on the aPLib compression library.
- PE Diminisher - Simple PE packer relying on the aPLib compression library.
- PE-Protector - Encrypter/protector for Windows 9x/ME to protect PE executable files against reverse engineering or cracking with a very strong protection.
- PEBundle - Physically attaches DLL(s) to an executable, resolving dependencies in memory.
- PEPack - PE compression tool based on the code of a newer version of PE-SHiELD.
- Pro-Pack - DOS executable file compressor.
- SecuPack - Win32 executable compressor.
- SysPack - Device drivers compressor.
- T-Pack - Executable COM-FILE compressor (LZ77) optimized for small files like BBS-Addys or similar files.
- Vacuum - Runtime Compressor for DOS32 executables.
- XPA - DOS executable packer.
- JMCryptExe - DOS EXE encrypter.
- RERP - ROSE's EXE Relocation Packer.
- CC Pro - COM and EXE executable file compression utility.
- TinyProg - EXE and COM programs compressor.
- Shrinker - Compresses (up to 70%) 16 and 32 bit Windows and real mode DOS programs.
- SPack
- ABK Scrambler - COM file scrambler and protector recoded from ABKprot.
- AEP - Addition Encode-Protective for COM and EXE file.
- AINEXE - DOS executable packer (part of the AIN Archiver suite).
- BIN-Lock - COM file scrambler for preventing reverse engineering.
- BitLok - COM and EXE file protector.
- COMProtector - Adds a security envelope around DOS .COM files by randomly encrypting it and adding several anti-debugging tricks.
- CrackStop - Tool that creates a security envelope around a DOS EXE file to protect it against crackers.
- Crunch - File encryptor for COM and EXE files.
- ExeGuard - DOS EXE files free protector using anti-debugging tricks to prevent hacking, analysis and unpacking.
- EXELOCK 666 - Utility for protecting .EXE files so no lamers can hack out the copyright.
- FSE - Final Fantasy Security Envelope freeware for protecting COM and EXE programs.
- LzExe - MS-DOS executable file compressor.
- Mask - Tool that prevents COM program from being cracked by using encryption and anti-debugging tricks.
- Mess - This tool does the same as HackStop, with the exception that it is freeware for non-commercial use.
- PKlite - Easy-to-use file compression program for compressing DOS and Windows executable files.
- Scorpion - EXE and COM file encrypter and protector.
- $PIRIT - COM/EXE executable files polymorphic encryptor.
- TRAP - EXE and COM files encrypter and protector.
- WWPack - Squeezes EXE files, compresses relocation tables, optimizes headers, protects EXE files from hacking.
- XE - PE32 image file packer and rebuilder.
- XorCopy - COM file XOR-based encrypter.
- XORER - COM file XOR-based encrypter.
- XPack - EXE/COM/SYS executable file compressor.
- Gardian Angel - COM and EXE encrypter and protector using a variety of anti-debugging tricks.
- WinLite - Compresses Windows executables (as Pklite, Diet or Wwpack do for executable programs under DOS).
- RJCrush - EXE and COM files compressor with the ability to compress overlays.
-
-
:wrench: Tools
-
Before 2000
- PEiD (CLI) - Python implementation of PEiD featuring an additional tool for making new signatures.
- Assiste (Packer) - Assiste.com's example list of packers.
- BitBlaze - Analysis platform that features a novel fusion of static and dynamic analysis techniques, mixed concrete and symbolic execution, and whole-system emulation and binary instrumentation, all to facilitate state-of-the-art research on real security problems.
- Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
- CFF Explorer - PE32/64 and .NET editor, part of the Explorer Suite.
- ChkEXE - Identifies almost any EXE/COM packer, crypter or protector.
- Clamscan Unpacker - Unpacker derived from ClamAV.
- DynamoRIO - Runtime code manipulation system that supports code transformations on any part of a program, while it executes.
- EtherUnpack - Precision universal automated unpacker (successor of PolyUnpack).
- Eureka - Binary static analysis preparation framework implementing a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing.
- EXETools - Forum for reverse engineering and executable packing related topics.
- GUnpacker - Shell tool that performs OEP positioning and dumps decrypted code.
- Language 2000 - Ultimate compiler detection utility.
- MRC - (Mandiant Red Curtain) Free software for Incident Responders that assists with the analysis of malware ; it examines executable files (e.g., .exe, .dll, and so on) to determine how suspicious they are based on a set of criteria.
- PackerBreaker - Tool for helping unpack, decompress and decrypt most of the programs packed, compressed or encrypted using advanced emulation technology.
- PCjs - PCjs uses JavaScript to recreate the IBM PC experience, using original ROMs, CPUs running at their original speeds, and early IBM video cards and monitors.
- PE Compression Test - List of packers tested on a few sample executables for comparing compressed sizes.
- PE Detective - This GUI tool can scan single PE files or entire directories (also recursively) and generate complete reports.
- PEiD - Packed Executable iDentifier.
- PEview - Provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files.
- PExplorer - Most feature-packed program for inspecting the inner workings of your own software, and more importantly, third party Windows applications and libraries for which you do not have source code.
- PROTECTiON iD - PE file signature-based scanner.
- Quick Unpack - Generic unpacker that facilitates the unpacking process.
- RDG Packer Detector - Packer detection tool.
- REMnux - Linux toolkit for reverse-engineering and analyzing malicious software.
- ResourceHacker - Resource editor for 32bit and 64bit Windows applications.
- StudPE - PE viewer and editor (32/64 bit).
- Titanium Platform - Machine learning hybrid cloud platform that harvests thousands of file types at scale, speeds threat detection through machine learning binary analysis, and continuously monitors an index of over 10B files for future threats.
- Tuts 4 You - Non-commercial, independent community dedicated to the sharing of knowledge and information on reverse code engineering.
- UnpacMe - Automated malware unpacking service.
- Uunp (IDA Pro plugin) - IDA Pro debugger plug-in module automating the analysis and unpacking of packed binaries.
- VMUnpacker - Unpacker based on the technology of virtual machine.
- OmniUnpack - New technique for fast, generic, and safe unpacking of malware by monitoring the execution in real-time and detecting the removed layers of packing.
- REMINDer - Packing detection tool based on the entropy value of the entry point section and the WRITE attribute.
- IDR - Interactive Delphi Reconstructor.
- PETools - Old-school reverse engineering tool (with a long history since 2002) for manipulating PE files.
- Manalyze - Robust parser for PE files with a flexible plugin architecture which allows users to statically analyze files in-depth.
- PE-bear - Freeware reversing tool for PE files aimed to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.
- PackerID - Fork of packerid.py using PEid signatures and featuring additional output types, formats, digital signature extraction, and disassembly support.
- Packing-Box - Docker image gathering many packing-related tools and for making datasets of packed executables for use with machine learning.
- Winbindex - An index of Windows binaries, including download links for executables such as EXE, DLL and SYS files.
- OllyDbg Scripts - Collection of OllyDbg scripts for unpacking many different packers.
- Pandora's Bochs - Extension to the Bochs PC emulator to enable it to monitor execution of the unpacking stubs for extracting the original code.
- ProTools - Programmer's Tools, a web site dedicated for all kinds of tools and utilities for the true WinBloze programmer, including packers, crypters, etc.
- Angr - Platform-agnostic binary analysis framework.
- Bintropy - Prototype analysis tool that estimates the likelihood that a binary file contains compressed or encrypted bytes.
- TrID - Utility for identifying file types from their binary signatures.
- FUU - Fast Universal Unpacker.
- GetTyp - File format detection program for DOS based on special strings and byte code.
- Unpckarc - Packed executables detection tool relying on several heuristics.
- UUP - Universal exe-file UnPacker.
- VMHunt - Set of tools for analyzing virtualized binary code ; now only supports 32 bit traces.
- yarGen - Generator for YARA rules - The main principle is the creation of yara rules from strings found in malware files while removing all strings that also appear in goodware files.
- Android Unpacker - Presented at Defcon 22: Android Hacker Protection Level 0.
- AppSpear - Universal and automated unpacking system suitable for both Dalvik and ART.
- AVClass - Python tools to tag / label malware samples.
- de4js - JavaScript Deobfuscator and Unpacker.
- Defacto2 Analyzers Archive - Collection of 60 binary files analysers for MS-DOS and Windows32 from the 1990s and the 2000s.
- Defacto2 Packers Archive - Collection of 460 binary and data file packers for MS-DOS and Windows32 from the 1990s and 2000s.
- Emulator - Symantec Endpoint Protector (from v14) capability to create a virtual machine on the fly to identify, detonate, and eliminate malware hiding inside custom malware packers.
- ImpREC - This can be used to repair the import table for packed programs.
- LIEF - Library to Instrument Executable Formats ; Python package for parsing PE, ELF, Mach-O and DEX formats, modifying and rebuilding executables.
- LordPE - PE header viewer, editor and rebuilder.
- Malheur - Tool for the automatic analysis of malware behavior (recorded from malicious software in a sandbox environment).
- MalUnpack - Dynamic unpacker based on PE-sieve.
- Pin - Dynamic binary instrumentation framework for the IA-32, x86-64 and MIC instruction-set architectures that enables the creation of dynamic program analysis tools.
- PINdemonium - Unpacker for PE files exploiting the capabilities of PIN.
- PolyUnpack - Implementation attempt of the general approach for extracting the original hidden code of PE files without any heuristic assumptions.
- PyPackerDetect - Small Python script/library to detect whether an executable is packed.
- PyPeid - Yet another implementation of PEiD with yara-python.
- Quick Unpack - Generic unpacker that facilitates the unpacking process.
- RDG Packer Detector - Packer detection tool.
- UU - Universal Unpacker.
- BinUnpack - Unpacking approach free from tedious memory access monitoring, therefore introducing very small runtime overhead.
- Justin - Just-In-Time AV scanning ; generic unpacking solution.
- PackID - Packer identification multiplatform tool/library using the same database syntax as PEiD.
- PANDA - Platform for Architecture-Neutral Dynamic Analysis.
- PANDI - Dynamic packing detection solution built on top of PANDA.
- PEFrame - Tool for performing static analysis on PE malware and generic suspicious files.
- Bintropy - Prototype analysis tool that estimates the likelihood that a binary file contains compressed or encrypted bytes.
- Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
- CFF Explorer - PE32/64 and .NET editor, part of the Explorer Suite.
- ChkEXE - Identifies almost any EXE/COM packer, crypter or protector.
- Clamscan Unpacker - Unpacker derived from ClamAV.
- COM2EXE - Free tool for converting COM files to EXE format.
- DynamoRIO - Runtime code manipulation system that supports code transformations on any part of a program, while it executes.
- EtherUnpack - Precision universal automated unpacker (successor of PolyUnpack).
- Language 2000 - Ultimate compiler detection utility.
- Packing-Box - Docker image gathering many packing-related tools and for making datasets of packed executables for use with machine learning.
- PCjs - Uses JavaScript to recreate the IBM PC experience, using original ROMs, CPUs running at their original speeds, and early IBM video cards and monitors.
- PE Detective - This GUI tool can scan single PE files or entire directories (also recursively) and generate complete reports.
- PEiD (CLI) - Python implementation of PEiD featuring an additional tool for making new signatures.
- PEview - Provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files.
- PExplorer - Most feature-packed program for inspecting the inner workings of your own software, and more importantly, third-party Windows applications and libraries for which you do not have source code.
- ProTools - Programmer's Tools, a web site dedicated to all kinds of tools and utilities for the true WinBloze programmer, including packers, crypters, etc.
- REMnux - Linux toolkit for reverse-engineering and analyzing malicious software.
- APKiD - Android application Identifier for packers, protectors, obfuscators and oddities - PEiD for Android.
- aPLib - Compression library based on the algorithm used in aPACK.
- Assiste (Packer) - Assiste.com's example list of packers.
- DSFF - DataSet File Format for exchanging datasets and converting to ARFF (for use with Weka), CSV or Packing-Box's dataset structure.
- .NET Deobfuscator - List of .NET Deobfuscators and Unpackers.
- OEPdet - Automated original-entry-point detector.
- PROTECTiON iD - PE file signature-based scanner.
- Reko - Free decompiler for machine code binaries.
- ShowStopper - Tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
- Binutils - The GNU Binutils are a collection of binary tools for Linux (it notably includes Readelf).
- EXEInfo-PE - Fast detector for executable PE files.
- MRC - (Mandiant Red Curtain) Free software for Incident Responders that assists with the analysis of malware ; it examines executable files (e.g., .exe, .dll, and so on) to determine how suspicious they are based on a set of criteria.
- PackerAttacker - Tool that uses memory and code hooks to detect packers.
- PackerBreaker - Tool for helping unpack, decompress and decrypt most of the programs packed, compressed or encrypted using advanced emulation technology.
- PackerGrind - Adaptive unpacking tool for tracking packing behaviors and unpacking Android packed apps.
- PEdump - Dump Windows PE files using Ruby.
- Pefeats - Utility for extracting 119 features from a PE file for use with machine learning algorithms.
- Pefile - Multi-platform Python module to parse and work with Portable Executable files.
- PEiD (yara) - Yet another implementation of PEiD with yara.
- PE Compression Test - List of packers tested on a few sample executables for comparing compressed sizes.
- PyPackerDetect (refactored) - A complete refactoring of the original project to a Python package with a console script to detect whether an executable is packed.
- SymPack - Safe, portable, largely effective but not generic library for packing detection and unpacking ; part of the Norton Antivirus solution.
- Triton - Dynamic binary analysis library.
- Unipacker - Automatic and platform-independent unpacker for Windows binaries based on emulation.
- Uundo - Universal Undo - Universal Unpacker.
- NotPacked++ - Attack tool for altering packed samples so that they evade static packing detection.
- Oedipus - A Python framework that uses machine learning algorithms to implement the metadata recovery attack against obfuscated programs.
- PeLib - PE file manipulation library.
- PEPack - PE file packer detection tool, part of the Unix package "pev".
- PEscan - CLI tool to scan PE files to identify how they were constructed.
- REMINDer - Packing detection tool based on the entropy value of the entry point section and the WRITE attribute.
- Renovo - Detection tool built on top of TEMU (dynamic analysis component of BitBlaze) based on the execution of newly-generated code and monitoring memory writes after the program starts.
- RetDec - Retargetable machine-code decompiler based on LLVM.
- RTD - Rose Patch - TinyProt/Rosetiny Unpacker.
- RUPP - ROSE SWE UnPaCKER PaCKaGE (for DOS executables only).
- SecML Malware - Create adversarial attacks against machine learning Windows malware detectors.
- de4dot - .NET deobfuscator and unpacker.
- Capa - Open-source tool to identify capabilities in PE, ELF or .NET executable files.
- Cave-Finder - Tool to find code caves in PE images (x86 / x64) - Find empty space to place code in PE files.
- Defacto2 Unpackers Archive - Collection of 152 binary file unpackers for MS-DOS and Windows 32 from the 1990s and 2000s.
- DIE - Detect It Easy ; Program for determining types of files.
- ExeScan - Executable file analyzer which detects the most famous EXE/COM Protectors, Packers, Converters and compilers.
- GUnpacker - Shell tool that performs OEP positioning and dumps decrypted code.
- Gym-Malware - This is a malware manipulation environment for OpenAI's gym.
- PEiD - Packed Executable iDentifier.
-
:bookmark_tabs: Datasets
-
Scientific Research
- ViruSign - Another online malware database.
- VirusShare - Online virus database with more than 44 million samples.
- VX Underground - PL-CERT based open source MWDB python application holding a malware database containing every APT sample from 2010 and over 7.5M malicious binaries.
- VXvault - Online malware database.
- WildList - Cooperative listing of malware reported as being in the wild by security professionals.
- Contagio - Contagio is a collection of the latest malware samples, threats, observations, and analyses.
- Malfease - Dataset of about 5,000 packed malware samples.
- Malheur - Contains the recorded behavior of malicious software (malware) and has been used for developing methods for classifying and clustering malware behavior (see the JCS article from 2011).
- Malicia - Dataset of 11,688 malicious PE files collected from 500 drive-by download servers over a period of 11 months in 2013 (DISCONTINUED).
- MalShare - Free Malware repository providing researchers access to samples, malicious feeds, and Yara results.
- MalwareBazaar - Project operated by abuse.ch aimed to collect and share malware samples, helping IT-security researchers and threat analysts protect their constituency and customers from cyber threats.
- MalwareGallery - Yet another malware collection on the Internet.
- MalwareTips - MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats.
- OARC Malware Dataset - Semi-public dataset of 3,467 samples captured in the wild from Sep 2005 to Jan 2006 by mail traps, user submissions, honeypots and other sources aggregated by the OARC, available to qualified academic and industry researchers upon request.
- The Malware Museum - Collection of malware programs, usually viruses, that were distributed in the 1980s and 1990s on home computers.
- PackingData - Original dataset with sample PE files packed with a large variety of packers, including ASPack, BeRoEXEPacker, exe32pack, eXpressor, FSG, JDPack, MEW, Molebox, MPRESS, Neolite, NSPack, Pckman, PECompact, PEtite, RLPack, UPX, WinUpack, Yoda's Crypter and Yoda's Protector.
- Dataset of Packed ELF - Dataset of packed ELF samples.
- Dataset of Packed PE - Sanitized version of the original dataset, PackingData, removing packed samples from the Notpacked folder but also samples in packer folders that failed to be packed (having the same hash as the original unpacked executable).
- SOREL - Sophos-ReversingLabs 20 Million dataset.
- BODMAS - Code for our DLS'21 paper - BODMAS: An Open Dataset for Learning based Temporal Analysis of PE Malware.
- CyberCrime - C² tracking and malware database.
- Ember - Collection of features from PE files that serve as a benchmark dataset for researchers.
- Ember2024 - Update to the EMBER2017 and EMBER2018 datasets.
- FFRI Dataset Scripts - Make datasets like FFRI Dataset.
- Open Malware Project - Online collection of malware samples (formerly Offensive Computing).
- VirusTotal - File analysis Web service for detecting malware.
- VX Heaven - Site dedicated to providing information about computer viruses.
- MalwareTips - Community-driven platform providing the latest information and resources on malware and cyber threats.
- VirusSamples - Best of the worst kind of files on the Internet.
- VirusSign - Giant database dedicated to combating malware in the digital world.
- MaleX - Curated dataset of malware and benign Windows executable samples for malware researchers containing 1,044,394 Windows executable binaries and corresponding image representations with 864,669 labelled as malware and 179,725 as benign.
- MalwareSamples - Bringing you the best of the worst files on the Internet.
- theZoo - Project created to make the possibility of malware analysis open and available to the public.
- Contagio - Collection of the latest malware samples, threats, observations, and analyses.
- Dataset of Packed ELF - Compilation of packed ELF samples.
- Malware Archive - Malware samples, analysis exercises and other interesting resources.
- Packware - Datasets and code needed to reproduce the experiments in the paper "When Malware is Packing Heat".
- RCE Lab - Crackme's, keygenme's, serialme's ; the "tuts4you" folder contains many packed binaries.
- Runtime Packers Testset - Dataset of 10 common malware files, packed with about 40 different runtime packers in over 500 versions and options, with a total of about 5,000 samples.
- SAC - Slovak Antivirus Center, non-commercial project of AVIR and ESET companies ; contains packers, detectors and unpackers.