Threat Level: green Handler on Duty: Brad Duncan

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Python script for packer identification

Published: 2007-09-28
Last Updated: 2007-09-28 03:21:11 UTC
by Jim Clausing (Version: 1)
0 comment(s)

In doing malware analysis, I like to have some idea of the packer being used. I like PEiD, but it is Windows only and isn't command-line so it is difficult to script. After I saw a posting about Ero Carrera's pefile, I decided he had already done the hard work, so I wrote (my first Python script) packerid.py which uses a peid database like this one (updated 2007-09-28 02:30 UTC) or Neil's collection or this one from Panda. Mine includes a few additional signatures or changes that I've made recently. I've been in contact with Neil about getting them merged back into his and/or released with PEiD itself.  Until that happens, I'll be periodically updating mine, see the tools section of my handlers page.

Keywords:
0 comment(s)
Diary Archives