Question 1

How do I detect packed executables using static analysis?

Accepted Answer

Start with the 'Literature' section, which includes papers on entropy analysis and PE header inspection. Tools like PEiD are referenced, but for modern approaches, see research on ML-based detectors using datasets like EMBER.

Question 2

What's the best tool for unpacking obfuscated Windows PE files?

Accepted Answer

The 'Tools' directory lists options such as PinDemonium and generic unpackers, but effectiveness depends on the packer. Check papers like 'Generic unpacking of self-modifying programs' for evaluations and methodologies.

Question 3

Executable packing vs. encryption: what's the difference in malware?

Accepted Answer

Packing is a broader category that can include encryption, compression, and more. The README defines these operations, and resources like 'Explained: Packer, crypter, and protector' detail how they're used for obfuscation in attacks.

Question 4

How can I build a simple packer for learning purposes?

Accepted Answer

Refer to tutorials in the 'Literature' section, such as 'Writing a PE packer' or 'Making our own executable packer,' which provide step-by-step guides on basic packing techniques without advanced anti-analysis.

Question 5

Is there a public dataset for training packer detection models?

Accepted Answer

Yes, the 'Datasets' section includes references to EMBER, BODMAS, and others used in ML research. Papers like 'EMBER: An open dataset for training static PE malware models' describe their structure and usage.

Question 6

PEiD vs. YARA for packer identification: which should I use?

Accepted Answer

PEiD is a specialized tool for PE files with built-in signatures, while YARA allows custom rule writing for flexibility. The repository lists resources for both; YARA is favored in modern research for adaptability, as seen in 'PackGenome' paper.

Awesome executable packing

What is Awesome executable packing?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions