Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Python script for packer identification SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Python script for packer identification

In doing malware analysis, I like to have some idea of the packer being used. I like PEiD, but it is Windows only and isn't command-line so it is difficult to script. After I saw a posting about Ero Carrera's pefile, I decided he had already done the hard work, so I wrote (my first Python script) packerid.py which uses a peid database like this one (updated 2007-09-28 02:30 UTC) or Neil's collection or this one from Panda. Mine includes a few additional signatures or changes that I've made recently. I've been in contact with Neil about getting them merged back into his and/or released with PEiD itself.  Until that happens, I'll be periodically updating mine, see the tools section of my handlers page.

I will be teaching next: Malware Reverse-Engineering Challenge - SANS San Antonio 2020

Jim

412 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!