Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/packing-box/peid

Python implementation of the Packed Executable iDentifier (PEiD)
https://github.com/packing-box/peid

binary-analysis entrypoint executable-packing malware-analysis malware-packers malware-research packing-detection pe-file pe-files pe-format peid peid-signature python research-tools signature-detection

Last synced: about 2 months ago
JSON representation

Python implementation of the Packed Executable iDentifier (PEiD)

Host: GitHub
URL: https://github.com/packing-box/peid
Owner: packing-box
License: gpl-3.0
Created: 2021-07-06T18:43:19.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2024-01-23T20:50:47.000Z (6 months ago)
Last Synced: 2024-05-03T11:13:39.634Z (2 months ago)
Topics: binary-analysis, entrypoint, executable-packing, malware-analysis, malware-packers, malware-research, packing-detection, pe-file, pe-files, pe-format, peid, peid-signature, python, research-tools, signature-detection
Language: Python
Homepage:
Size: 1.29 MB
Stars: 120
Watchers: 3
Forks: 12
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Lists

awesome-executable-packing - PEiD (CLI) - Python implementation of PEiD featuring an additional tool for making new signatures. (:wrench: Tools / Before 2000)

README

        


Packed Executable iDentifier 



Detect packers on PE files using signatures.


[![PyPi](https://img.shields.io/pypi/v/peid.svg)](https://pypi.python.org/pypi/peid/)

[![Python Versions](https://img.shields.io/pypi/pyversions/peid.svg)](https://pypi.python.org/pypi/peid/)

[![Build Status](https://github.com/packing-box/peid/actions/workflows/python-package.yml/badge.svg)](https://github.com/packing-box/peid/actions/workflows/python-package.yml)

[![DOI](https://zenodo.org/badge/383567798.svg)](https://zenodo.org/badge/latestdoi/383567798)

[![License](https://img.shields.io/pypi/l/peid.svg)](https://pypi.python.org/pypi/peid/)

This tool is an implementation in Python of the Packed Executable iDentifier ([PEiD](https://www.aldeid.com/wiki/PEiD)) in the scope of packing detection for Windows PE files based on signatures. It uses a combination of more than 5.500 signatures merged from the following sources:

- [wolfram77web/app-peid](https://github.com/wolfram77web/app-peid/)

- [merces/pev](https://github.com/merces/pev/)

- [ExeinfoASL/ASL](https://github.com/ExeinfoASL/ASL)

- [Ice3man543/MalScan](https://github.com/Ice3man543/MalScan)

- [PEiD Tab](https://www.top4download.com/peid-tab/screenshot-gaqrbxek.html)

```sh

$ pip install peid

```

The main tool checks the input executable against the embedded or user-defined signatures database.

```sh

$ peid --help

[...]

$ peid program.exe

[...]

$ peid program.exe --db custom_sigs_db.txt

```

The second tool allows to inspect signatures.

```sh

$ peid-db --db path/to/userdb.txt --filter UPX

```

The third tool allows to create and integrate new signatures.

```sh

$ peid-sig *.exe --db path/to/userdb.txt --packer UPX --version v3.97 --author jsmith

```

## :star: Related Projects

You may also like these:

- [Awesome Executable Packing](https://github.com/packing-box/awesome-executable-packing): A curated list of awesome resources related to executable packing.

- [Bintropy](https://github.com/packing-box/bintropy): Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes (inspired from [this paper](https://ieeexplore.ieee.org/document/4140989)).

- [Dataset of packed ELF files](https://github.com/packing-box/dataset-packed-elf): Dataset of ELF samples packed with many different packers.

- [Dataset of packed PE files](https://github.com/packing-box/dataset-packed-pe): Dataset of PE samples packed with many different packers (fork of [this repository](https://github.com/chesvectain/PackingData)).

- [Docker Packing Box](https://github.com/packing-box/docker-packing-box): Docker image gathering packers and tools for making datasets of packed executables.

- [DSFF](https://github.com/packing-box/python-dsff): Library implementing the DataSet File Format (DSFF).

- [PyPackerDetect](https://github.com/packing-box/pypackerdetect): Packing detection tool for PE files (fork of [this repository](https://github.com/cylance/PyPackerDetect)).

- [REMINDer](https://github.com/packing-box/reminder): Packing detector using a simple heuristic (inspired from [this paper](https://ieeexplore.ieee.org/document/5404211)).

## :clap:  Supporters

[![Stargazers repo roster for @packing-box/peid](https://reporoster.com/stars/dark/packing-box/peid)](https://github.com/packing-box/peid/stargazers)

[![Forkers repo roster for @packing-box/peid](https://reporoster.com/forks/dark/packing-box/peid)](https://github.com/packing-box/peid/network/members)