Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/yutianqaq/entropycalc_go
File entropy calculator - Golang
entropy evasion malware-analysis redteam shellcode
- Host: GitHub
- URL: https://github.com/yutianqaq/entropycalc_go
- Owner: yutianqaq
- Created: 2024-02-04T15:11:10.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2024-02-07T04:39:30.000Z (11 months ago)
- Last Synced: 2024-11-08T10:03:56.022Z (about 1 month ago)
- Topics: entropy, evasion, malware-analysis, redteam, shellcode
- Language: Go
- Homepage:
- Size: 165 KB
- Stars: 22
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# EntropyCalc_Go
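[English](https://github.com/yutianqaq/EntropyCalc_Go/blob/main/readme_en.md) [Simplified Chinese]
A Golang implementation of the binary file entropy calculator from the Binary Entropy Reduction chapter of [MalDev Academy](https://maldevacademy.com/).
It calculates the entropy value of a binary file.
According to https://practicalsecurityanalytics.com/file-entropy/, the entropy values of legitimate software and malware are distributed as follows:
- Legitimate software has an entropy value between 4.8 and 7.2
- Malware has an entropy value greater than 7.2 (marked in red)

It can be used together with https://github.com/yutianqaq/Supernova_CN to encrypt shellcode and lower the entropy value.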
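
The calculation described above, as an added Go example that is not the project's own code: Shannon entropy over byte frequencies, classified against the 4.8 and 7.2 bands quoted in this README. `PeakBlock` goes beyond the README by also reporting the densest aligned block, since a whole-file average can mask a small high-entropy region; the function names and the sample bytes are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
)

// ShannonEntropy returns bits per byte (0.0 to 8.0); empty input yields 0.
func ShannonEntropy(data []byte) (h float64) {
	var counts [256]int
	for _, b := range data {
		counts[b]++
	}
	for _, c := range counts {
		if c > 0 { // absent byte values contribute nothing
			p := float64(c) / float64(len(data))
			h -= p * math.Log2(p)
		}
	}
	return h
}

// Classify maps a whole-file value onto the bands quoted in the README.
func Classify(h float64) string {
	switch {
	case h > 7.2:
		return "above 7.2 (README: malware band)"
	case h >= 4.8:
		return "4.8 to 7.2 (README: legitimate software band)"
	}
	return "below 4.8 (outside both README bands)"
}

// PeakBlock returns the highest entropy of any aligned block of size bytes.
func PeakBlock(data []byte, size int) (peak float64) {
	for i := 0; size > 0 && i+size <= len(data); i += size {
		peak = math.Max(peak, ShannonEntropy(data[i:i+size]))
	}
	return peak
}

func main() {
	data := make([]byte, 4096) // constructed sample: 4096 zero bytes...
	for v := 0; v < 256; v++ { // ...followed by each byte value once
		data = append(data, byte(v))
	}
	h := ShannonEntropy(data)
	fmt.Printf("whole file: %.3f, %s\n", h, Classify(h))
	fmt.Printf("peak 256-byte block: %.3f\n", PeakBlock(data, 256))
}
```

The 4.8 and 7.2 bands are stated for whole files; a short block of random data scores below 8.0, so compare block values with each other rather than against those bands.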
## Installation
## Build from source
```
git clone https://github.com/yutianqaq/EntropyCalc_Go
cd EntropyCalc_Go
go build
```

## Download a prebuilt binary
[https://github.com/yutianqaq/EntropyCalc/releases](https://github.com/yutianqaq/EntropyCalc_Go/releases)
## Usage
```
./EntropyCalc -file filename
```

For malware, the entropy value is marked in red.
![alt text](Pictures/image.png)
For legitimate software, the entropy value is marked in green.
![alt text](Pictures/image-1.png)
# References
- https://practicalsecurityanalytics.com/file-entropy/
- https://rosettacode.org/wiki/Entropy#Go
- [MalDev Academy](https://maldevacademy.com/)