
SANS ISC: Python script for packer identification SANS ISC InfoSec Forums

Python script for packer identification

In doing malware analysis, I like to have some idea of the packer being used. I like PEiD, but it is Windows-only and isn't command-line, so it is difficult to script. After I saw a posting about Ero Carrera's pefile, I decided he had already done the hard work, so I wrote (my first Python script) packerid.py, which uses a PEiD database like this one (updated 2007-09-28 02:30 UTC) or Neil's collection or this one from Panda. Mine includes a few additional signatures or changes that I've made recently. I've been in contact with Neil about getting them merged back into his and/or released with PEiD itself. Until that happens, I'll be periodically updating mine; see the tools section of my handlers page.

Jim

ISC Handler
Sep 28th 2007
