Updating conversion, creating readmes

Jonas Zeunert
2024-04-19 23:37:46 +02:00
parent 3619ac710a
commit 08e75b0f0a
635 changed files with 30878 additions and 37344 deletions

@@ -1,7 +1,7 @@
 Awesome Executable Packing !Awesome (https://awesome.re/badge.svg) (https://awesome.re) 
 Awesome Executable Packing !Awesome (https://awesome.re/badge.svg) (https://awesome.re) 
▐ A curated list of resources related to executable packing (including Portable Executable, Executable and Linkable Format and others) containing references to books, papers, blog posts, and other written 
▐ resources but also packers and tools for detecting packers and unpacking executables.
▐ A curated list of resources related to executable packing (including Portable Executable, Executable and Linkable Format and others) containing references to books, papers, blog posts, and other written resources but also packers and 
▐ tools for detecting packers and unpacking executables.
Packing is the action of modifying an executable in a way that does not modify its purpose. It is generally one or a combination of the following operations:
- bundling: makes a single executable with multiple files
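Review bot: the title line at the top of this hunk is listed twice, once as removed and once as added, yet both copies read identically, so any difference is in whitespace or other invisible characters. Have the conversion step strip trailing whitespace so that regenerating the README does not produce diff lines with no textual change. The blockquote under it has the same text before and after; only the line break moves from after "other written" to after "packers and".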
@@ -39,8 +39,7 @@
- :pushpin: Anti debugging protection techniques with examples (https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software)
- :page_facing_up: Anti-unpacker tricks (https://pferrie.tripod.com/papers/unpackers.pdf)
- :page_facing_up: Anti-unpacker tricks - Part 14 (and previous parts) (https://www.virusbulletin.com/virusbulletin/2010/11/anti-unpacker-tricks-part-fourteen/)
- :bar_chart: API deobfuscator: Resolving obfuscated API functions in modern packers 
(https://www.blackhat.com/docs/us-15/materials/us-15-Choi-API-Deobfuscator-Resolving-Obfuscated-API-Functions-In-Modern-Packers.pdf)
- :bar_chart: API deobfuscator: Resolving obfuscated API functions in modern packers (https://www.blackhat.com/docs/us-15/materials/us-15-Choi-API-Deobfuscator-Resolving-Obfuscated-API-Functions-In-Modern-Packers.pdf)
- :bar_chart: The art of unpacking (https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf)
- :earth_americas: Awesome executable packing (https://github.com/packing-box/awesome-executable-packing)
- :pushpin: Cloak and dagger: Unpacking hidden malware attacks (https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/unpacking-hidden-malware-attacks)
@@ -64,10 +63,8 @@
- :clipboard: Microsoft portable executable and common object file format specification (http://www.skyfree.org/linux/references/coff.pdf)
- :earth_americas: MITRE ATT&CK | T1027.002 | obfuscated files or information: Software packing (https://attack.mitre.org/techniques/T1027/002)
- :earth_americas: MZ disk operating system (DOS) (https://wiki.osdev.org/MZ)
- :bar_chart: One packer to rule them all: Empirical identification, comparison and circumvention of current antivirus detection techniques 
(https://www.blackhat.com/docs/us-14/materials/us-14-Mesbahi-One-Packer-To-Rule-Them-All-WP.pdf)
- :scroll: One packer to rule them all: Empirical identification, comparison and circumvention of current antivirus detection techniques 
(https://www.blackhat.com/docs/us-14/materials/us-14-Mesbahi-One-Packer-To-Rule-Them-All.pdf)
- :bar_chart: One packer to rule them all: Empirical identification, comparison and circumvention of current antivirus detection techniques (https://www.blackhat.com/docs/us-14/materials/us-14-Mesbahi-One-Packer-To-Rule-Them-All-WP.pdf)
- :scroll: One packer to rule them all: Empirical identification, comparison and circumvention of current antivirus detection techniques (https://www.blackhat.com/docs/us-14/materials/us-14-Mesbahi-One-Packer-To-Rule-Them-All.pdf)
- :pushpin: Packer detection tool evaluation (https://github.com/FFRI/PackerDetectionToolEvaluation)
- :page_facing_up: Packers (https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/corkami/packers.pdf) :star: :star: :star:
- :pushpin: Parsing mach-O files (https://lowlevelbits.org/parsing-mach-o-files)
@@ -83,8 +80,7 @@
- :closed_book: The "Ultimate" anti-debugging reference (http://pferrie.epizy.com/papers/antidebug.pdf)
- :pushpin: Unpacking, reversing, patching (https://resources.infosecinstitute.com/topic/unpacking-reversing-patching)
- :bar_chart: Virtual machine obfuscation (https://compil2019.minesparis.psl.eu/wp-content/uploads/2019/02/BeatriceCreusillet-Obfuscation-quarkslab.pdf)
- :bar_chart: We can still crack you! General unpacking method for Android Packer (NO ROOT) 
(https://www.blackhat.com/asia-15/briefings.html#we-can-still-crack-you-general-unpacking-method-for-android-packer-no-root)
- :bar_chart: We can still crack you! General unpacking method for Android Packer (NO ROOT) (https://www.blackhat.com/asia-15/briefings.html#we-can-still-crack-you-general-unpacking-method-for-android-packer-no-root)
- :bar_chart: When malware is packing heat (https://www.eurecom.fr/publication/5372)
- :clipboard: Win32 portable executable packing uncovered (https://securitylabs.websense.com/content/Assets/HistoryofPackingTechnology.pdf)
- :pushpin: Writing a packer (https://dr4k0nia.github.io/posts/Writing-a-Packer)
@@ -106,8 +102,7 @@
- :notebook: Anti-unpacker tricks (http://2008.caro.org/downloads/unpackers.pdf) (May 2008) 
- :mortar_board: An application of machine learning to analysis of packed mac malware (https://scholar.dsu.edu/theses/381) (May 2022) :star:
- :notebook: Application of string kernel based support vector machine for malware packer identification (https://ieeexplore.ieee.org/document/6707043) (August 2013) 
- :newspaper: The application research of virtual machine in packers (https://www.semanticscholar.org/paper/The-Application-Research-of-Virtual-Machine-in-Wen-yu/fff04e0073ac2018bff5242919cdca47deacad7a) (August
2011) 
- :newspaper: The application research of virtual machine in packers (https://www.semanticscholar.org/paper/The-Application-Research-of-Virtual-Machine-in-Wen-yu/fff04e0073ac2018bff5242919cdca47deacad7a) (August 2011) 
- :notebook: AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware (https://link.springer.com/chapter/10.1007/978-3-319-26362-5_17) (November 2015) 
- :newspaper: The arms race: Adversarial search defeats entropy used to detect malware (https://www.sciencedirect.com/science/article/pii/S0957417418306535) (October 2018) 
- :newspaper: Automatic analysis of malware behavior using machine learning (https://dl.acm.org/doi/10.5555/2011216.2011217) (December 2011) 
@@ -126,8 +121,7 @@
- :notebook: Chosen-instruction attack against commercial code virtualization obfuscators (https://ink.library.smu.edu.sg/sis_research/7354) (April 2022) :star:
- :newspaper: Classification of packed executables for accurate computer virus detection (http://www.sciencedirect.com/science/article/pii/S0167865508002110) (October 2008) 
- :notebook: Classifying packed malware represented as control flow graphs using deep graph convolutional neural network (https://ieeexplore.ieee.org/document/9103752) (March 2020) :star:
- :notebook: Classifying packed programs as malicious software detected (https://www.semanticscholar.org/paper/Classifying-Packed-Programs-as-Malicious-Software-Osaghae/676f38819a0ed3028acce36f4f11b0c77e4cc0ae) 
(December 2016) :star:
- :notebook: Classifying packed programs as malicious software detected (https://www.semanticscholar.org/paper/Classifying-Packed-Programs-as-Malicious-Software-Osaghae/676f38819a0ed3028acce36f4f11b0c77e4cc0ae) (December 2016) :star:
- :newspaper: A close look at a daily dataset of malware samples (https://dl.acm.org/doi/10.1145/3291061) (January 2019) 
- :notebook: Collective classification for packed executable identification (https://doi.org/10.1145/2030376.2030379) (June 2012) 
- :notebook: A comparative analysis of classifiers in the recognition of packed executables (https://ieeexplore.ieee.org/abstract/document/8995252) (November 2019) 
@@ -148,13 +142,11 @@
- :notebook: Design and performance evaluation of binary code packing for protecting embedded software against reverse engineering (https://ieeexplore.ieee.org/document/5479571) (May 2010) 
- :newspaper: Detecting obfuscated malware using reduced opcode set and optimised runtime trace (https://security-informatics.springeropen.com/articles/10.1186/s13388-016-0027-2) (May 2016) 
- :notebook: Detecting packed executable file: Supervised or anomaly detection method? (https://ieeexplore.ieee.org/abstract/document/7784628) (August 2016) 
- :newspaper: Detecting packed executables based on raw binary data 
(https://www.semanticscholar.org/paper/DETECTING-PACKED-EXECUTABLES-BASED-ON-RAW-BINARY-Nataraja-Jacobb/53371424fb79de29a096e563b07fcae432f4d201) (June 2010) 
- :newspaper: Detecting packed executables based on raw binary data (https://www.semanticscholar.org/paper/DETECTING-PACKED-EXECUTABLES-BASED-ON-RAW-BINARY-Nataraja-Jacobb/53371424fb79de29a096e563b07fcae432f4d201) (June 2010) 
- :notebook: Detecting packed executables using steganalysis (https://ieeexplore.ieee.org/document/7018361) (December 2014) 
- :mortar_board: Detecting packed PE files: Executable file analysis for the Windows operating system (https://uia.brage.unit.no/uia-xmlui/handle/11250/2823655) (June 2021) :star:
- :notebook: Detecting traditional packers, decisively (https://link.springer.com/chapter/10.1007/978-3-642-41284-4_10) (October 2013) 
- :notebook: Detection of metamorphic malware packers using multilayered LSTM networks (https://www.springerprofessional.de/en/detection-of-metamorphic-malware-packers-using-multilayered-lstm/18635334) (November
2020) :star:
- :notebook: Detection of metamorphic malware packers using multilayered LSTM networks (https://www.springerprofessional.de/en/detection-of-metamorphic-malware-packers-using-multilayered-lstm/18635334) (November 2020) :star:
- :notebook: Detection of packed executables using support vector machines (https://ieeexplore.ieee.org/document/6016774) (July 2011) 
- :notebook: Detection of packed malware (https://doi.org/10.1145/2490428.2490431) (August 2012) 
- :notebook: DexHunter: Toward extracting hidden code from packed Android applications (https://link.springer.com/chapter/10.1007/978-3-319-24177-7_15) (September 2015) 
@@ -179,19 +171,16 @@
- :notebook: Evading machine learning malware detection (https://www.blackhat.com/us-17/briefings.html#bot-vs.-bot-for-evading-machine-learning-malware-detection) (July 2017) 
- :notebook: Experimental comparison of machine learning models in malware packing detection (https://ieeexplore.ieee.org/document/9237007) (September 2020) :star:
- :notebook: An experimental study on identifying obfuscation techniques in packer (https://docplayer.net/63501103-An-experimental-study-on-identifying-obfuscation-techniques-in-packer.html) (June 2016) 
- :mortar_board: Experimental toolkit for studying executable packing - Analysis of the state-of-the-art packing detection techniques (https://dial.uclouvain.be/memoire/ucl/en/object/thesis%3A35692) (June 2022)
:star:
- :mortar_board: Experimental toolkit for studying executable packing - Analysis of the state-of-the-art packing detection techniques (https://dial.uclouvain.be/memoire/ucl/en/object/thesis%3A35692) (June 2022) :star:
- :notebook: A fast flowgraph based classification system for packed and polymorphic malware on the endhost (https://ieeexplore.ieee.org/document/5474800/) (April 2010) 
- :notebook: A fast randomness test that preserves local detail (https://researchrepository.rmit.edu.au/esploro/outputs/conferenceProceeding/A-fast-randomness-test-that-preserves-local-detail/9921861589001341) 
(October 2008) 
- :notebook: A fast randomness test that preserves local detail (https://researchrepository.rmit.edu.au/esploro/outputs/conferenceProceeding/A-fast-randomness-test-that-preserves-local-detail/9921861589001341) (October 2008) 
- :notebook: Feature set reduction for the detection of packed executables (https://ieeexplore.ieee.org/document/6912767) (June 2014) 
- :newspaper: File packing from the malware perspective: Techniques, analysis approaches, and directions for enhancements (https://dl.acm.org/doi/10.1145/3530810) (December 2022) :star:
- :notebook: A fine-grained classification approach for the packed malicious code (https://link.springer.com/chapter/10.1007/978-3-642-34129-8_49) (October 2012) 
- :question: Generating adversarial malware examples for black-box attacks based on GAN (http://arxiv.org/abs/1702.05983) (February 2020) 
- :notebook: A generic approach to automatic deobfuscation of executable code (https://ieeexplore.ieee.org/document/7163054) (May 2015) :star: :star:
- :newspaper: Generic packing detection using several complexity analysis for accurate malware detection 
(https://www.researchgate.net/publication/332594129_Generic_Packing_Detection_using_Several_Complexity_Analysis_for_Accurate_Malware_Detection?channel=doi&linkId=5cbf828b299bf120977ac78a&showFulltext=true) 
(January 2014) 
(https://www.researchgate.net/publication/332594129_Generic_Packing_Detection_using_Several_Complexity_Analysis_for_Accurate_Malware_Detection?channel=doi&linkId=5cbf828b299bf120977ac78a&showFulltext=true) (January 2014) 
- :notebook: Generic unpacker of executable files (https://www.semanticscholar.org/paper/Generic-Unpacker-of-Executable-Files-Milkovi/413321c5a473d59c18e861c1478cd44f88142275) (April 2015) 
- :notebook: Generic unpacking method based on detecting original entry point (https://link.springer.com/chapter/10.1007/978-3-642-42054-2_74) (November 2013) 
- :newspaper: Generic unpacking of self-modifying, aggressive, packed binary programs (https://arxiv.org/abs/0905.4581) (May 2009) 
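Review bot: the "Generic packing detection using several complexity analysis for accurate malware detection" entry is still split after this change: by the hunk counts (19 lines before, 16 after) its title line is untouched, and the researchgate.net URL with "(January 2014)" stays on the following line. A consumer that reads one bullet per line (grep, a link checker) sees a bullet with no link followed by a bare URL with no bullet. Emitting each list item unwrapped would fix this entry and the re-wrapped ones around it in one go.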
@@ -201,8 +190,8 @@
- :newspaper: Hashing-based encryption and anti-debugger support for packing multiple files into single executable (http://ijarcs.info/index.php/Ijarcs/article/view/5526/4622) (February 2018) 
- :notebook: A heuristic approach for detection of obfuscated malware (https://ieeexplore.ieee.org/document/5137328) (June 2009) 
- :newspaper: A heuristics-based static analysis approach for detecting packed PE binaries (http://dx.doi.org/10.14257/ijsia.2013.7.5.24) (October 2013) 
- :notebook: An implementation of a generic unpacking method on Bochs Emulator 
(https://www.semanticscholar.org/paper/An-Implementation-of-a-Generic-Unpacking-Method-on-HyungChanKim-Daisuke/d5c947520815105231673f1b87af57ed6abd379c) (September 2009) 
- :notebook: An implementation of a generic unpacking method on Bochs Emulator (https://www.semanticscholar.org/paper/An-Implementation-of-a-Generic-Unpacking-Method-on-HyungChanKim-Daisuke/d5c947520815105231673f1b87af57ed6abd379c) 
(September 2009) 
- :newspaper: An improved method for packed malware detection using PE header and section table information (https://www.mecs-press.org/ijcnis/ijcnis-v11-n9/v11n9-2.html) (September 2019) 
- :notebook: Information theoretic method for classification of packed and encoded files (https://dl.acm.org/doi/10.1145/2799979.2800015) (September 2015) 
- :notebook: Instructions-based detection of sophisticated obfuscation and packing (https://ieeexplore.ieee.org/document/6956729) (October 2014) 
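Review bot: in the "An implementation of a generic unpacking method on Bochs Emulator" entry the new wrapping leaves "(September 2009)" alone on a continuation line, so the hunk replaces two lines with two lines (8 before, 8 after) without changing any text. Orphaned date fragments like this are easy to lose when the list is processed per line; consider turning hard wrapping off in the converter rather than widening it.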
@@ -236,19 +225,16 @@
- :notebook: Obfuscation: Where are we in anti-DSE protections? (a first attempt) (https://doi.org/10.1145/3371307.3371309) (December 2019) 
- :notebook: Obfuscator-LLVM: Software protection for the masses (May 2015) 
- :notebook: OmniUnpack: Fast, generic, and safe unpacking of malware (https://ieeexplore.ieee.org/document/4413009) (December 2007) 
- :newspaper: On deceiving malware classification with section injection 
(https://www.semanticscholar.org/paper/On-deceiving-malware-classification-with-section-Silva-Segundo/915faa4486a78a4f449c0f8028b773078bfdbd84) (August 2022) 
- :newspaper: On deceiving malware classification with section injection (https://www.semanticscholar.org/paper/On-deceiving-malware-classification-with-section-Silva-Segundo/915faa4486a78a4f449c0f8028b773078bfdbd84) (August 2022) 
- :question: On evaluating adversarial robustness (http://arxiv.org/abs/1902.06705) (February 2019) 
- :notebook: On the (Im)possibility of obfuscating programs (https://link.springer.com/chapter/10.1007/3-540-44647-8_1) (August 2001) 
- :newspaper: On the adoption of anomaly detection for packed executable filtering (https://www.sciencedirect.com/science/article/pii/S0167404814000522?via%3Dihub) (June 2014) 
- :notebook: OPEM: A static-dynamic approach for machine-learning-based malware detection (https://link.springer.com/chapter/10.1007/978-3-642-33018-6_28) (September 2012) 
- :newspaper: An original entry point detection method with candidate-sorting for more effective generic unpacking (https://www.jstage.jst.go.jp/article/transinf/E98.D/4/E98.D_2014EDP7268/_article) (January 
2015) 
- :newspaper: An original entry point detection method with candidate-sorting for more effective generic unpacking (https://www.jstage.jst.go.jp/article/transinf/E98.D/4/E98.D_2014EDP7268/_article) (January 2015) 
- :newspaper: Packed malware detection using entropy related analysis: A survey (https://api.semanticscholar.org/CorpusID:212493886) (November 2015) 
- :newspaper: Packed malware variants detection using deep belief networks (https://doi.org/10.1051/matecconf/202030902002) (March 2020) :star:
- :notebook: Packed PE file detection for malware forensics (https://ieeexplore.ieee.org/document/5404211) (December 2009) 
- :newspaper: Packer analysis report debugging and unpacking the NsPack 3.4 and 3.7 packer 
(https://www.sans.org/reading-room/whitepapers/malicious/packer-analysis-report-debugging-unpacking-nspack-34-37-packer-33428) (June 2010) 
- :newspaper: Packer analysis report debugging and unpacking the NsPack 3.4 and 3.7 packer (https://www.sans.org/reading-room/whitepapers/malicious/packer-analysis-report-debugging-unpacking-nspack-34-37-packer-33428) (June 2010) 
- :newspaper: Packer classification based on association rule mining (https://www.sciencedirect.com/science/article/pii/S1568494622005245) (September 2022) :star:
- :notebook: Packer classifier based on PE header information (https://dl.acm.org/doi/10.1145/2746194.2746213) (April 2015) 
- :newspaper: Packer detection for multi-layer executables using entropy analysis (https://www.mdpi.com/1099-4300/19/3/125) (March 2017) :star: :star:
@@ -275,19 +261,16 @@
- :notebook: Prevalence and impact of low-entropy packing schemes in the malware ecosystem (https://www.ndss-symposium.org/wp-content/uploads/2020/02/24297.pdf) (February 2020) :star:
- :bar_chart: Qualitative and quantitative evaluation of software packers (http://webdiis.unizar.es/~ricardo/files/slides/industrial/slides_NcN-15.pdf) (December 2015) 
- :notebook: RAMBO: Run-Time packer analysis with multiple branch observation (https://link.springer.com/chapter/10.1007/978-3-319-40667-1_10) (July 2016) :star:
- :mortar_board: REFORM: A framework for malware packer analysis using information theory and statistical methods 
(https://researchrepository.rmit.edu.au/view/delivery/61RMIT_INST/12246783310001341/13248377300001341) (April 2010) 
- :mortar_board: REFORM: A framework for malware packer analysis using information theory and statistical methods (https://researchrepository.rmit.edu.au/view/delivery/61RMIT_INST/12246783310001341/13248377300001341) (April 2010) 
- :notebook: Renovo: A hidden code extractor for packed executables (https://dl.acm.org/doi/10.1145/1314389.1314399) (November 2007) :star:
- :notebook: RePEconstruct: Reconstructing binaries with self-modifying code and import address table destruction (https://ieeexplore.ieee.org/document/7888727) (October 2016) 
- :notebook: RePEF — A system for restoring packed executable file for malware analysis (July 2011) 
- :notebook: Research and implementation of compression shell unpacking technology for PE file (https://ieeexplore.ieee.org/document/5231651) (May 2009) 
- :newspaper: Research and implementation of packing technology for PE files 
(https://www.semanticscholar.org/paper/Research-and-Implementation-of-Packing-Technology-Senlin/c973f26f2ac8c1861cc5d714f0d579135fa1491e) (January 2013) 
- :newspaper: Research and implementation of packing technology for PE files (https://www.semanticscholar.org/paper/Research-and-Implementation-of-Packing-Technology-Senlin/c973f26f2ac8c1861cc5d714f0d579135fa1491e) (January 2013) 
- :notebook: Research of software information hiding algorithm based on packing technology (https://link.springer.com/chapter/10.1007/978-981-15-8086-4_8) (September 2020) :star:
- :newspaper: Revealing packed malware (https://ieeexplore.ieee.org/document/4639028) (September 2008) 
- :notebook: Reverse engineering self-modifying code: Unpacker extraction (https://ieeexplore.ieee.org/document/5645447) (October 2010) 
- :mortar_board: Robust static analysis of portable executable malware (https://repo.zenk-security.com/Virus-Infections-Detections-Preventions/Robust%20Static%20Analysis%20ofPortable%20ExecutableMalware.pdf) 
(December 2014) 
- :mortar_board: Robust static analysis of portable executable malware (https://repo.zenk-security.com/Virus-Infections-Detections-Preventions/Robust%20Static%20Analysis%20ofPortable%20ExecutableMalware.pdf) (December 2014) 
- :bar_chart: Runtime packers testing experiences (https://docs.google.com/a/caro.org/viewer?a=v&pid=sites&srcid=Y2Fyby5vcmd8Y2Fyby13b3Jrc2hvcC0yMDA4fGd4OjZkNzk3MmI2YjZlMWMxZGI) (May 2008) 
- :notebook: SATURN - Software deobfuscation framework based on LLVM (https://dl.acm.org/doi/10.1145/3338503.3357721) (November 2019) :star:
- :newspaper: SCORE: Source code optimization & reconstruction (https://ieeexplore.ieee.org/document/9139493) (July 2020) :star:
@@ -295,8 +278,8 @@
- :newspaper: Secure and advanced unpacking using computer emulation (https://link.springer.com/article/10.1007%2Fs11416-007-0046-0) (August 2007) 
- :notebook: Semi-supervised learning for packed executable detection (https://ieeexplore.ieee.org/document/6060027) (September 2011) 
- :notebook: Semi-supervised learning for unknown malware detection (https://link.springer.com/chapter/10.1007/978-3-642-19934-9_53) (April 2011) 
- :newspaper: Sensitive system calls based packed malware variants detection using principal component initialized multilayers neural networks 
(https://cybersecurity.springeropen.com/articles/10.1186/s42400-018-0010-y) (September 2018) :star:
- :newspaper: Sensitive system calls based packed malware variants detection using principal component initialized multilayers neural networks (https://cybersecurity.springeropen.com/articles/10.1186/s42400-018-0010-y) (September 2018)
:star:
- :notebook: SOK: (state of) the art of war: Offensive techniques in binary analysis (May 2016) 
- :notebook: SoK: Automatic deobfuscation of virtualization-protected applications (https://doi.org/10.1145/3465481.3465772) (2021) :star:
- :notebook: SoK: Deep packer inspection: A longitudinal study of the complexity of run-time packers (https://ieeexplore.ieee.org/document/7163053) (May 2015) :star: :star: :star:
@@ -318,14 +301,12 @@
- :notebook: Symbolic execution of obfuscated code (https://dl.acm.org/doi/10.1145/2810103.2813663) (October 2015) :star:
- :notebook: Syntia: Synthesizing the semantics of obfuscated code (https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/blazytko) (August 2017) :star:
- :question: Technical report on the cleverhans v2.1.0 adversarial examples library (http://arxiv.org/abs/1610.00768) (June 2018) 
- :notebook: Things you may not know about Android (Un) packers: A systematic study based on whole-system emulation. (https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_04A-4_Duan_paper.pdf) 
(February 2018) 
- :notebook: Things you may not know about Android (Un) packers: A systematic study based on whole-system emulation. (https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_04A-4_Duan_paper.pdf) (February 2018) 
- :notebook: Thwarting real-time dynamic unpacking (https://dl.acm.org/doi/10.1145/1972551.1972556) (January 2011) 
- :notebook: A token strengthened encryption packer to prevent reverse engineering PE files (https://ieeexplore.ieee.org/document/7280213) (January 2015) 
- :notebook: Toward generic unpacking techniques for malware analysis with quantification of code revelation 
(https://www.researchgate.net/publication/255608911_Toward_Generic_Unpacking_Techniques_for_Malware_Analysis_with_Quantification_of_Code_Revelation) (August 2009) 
- :notebook: Towards paving the way for large-scale Windows malware analysis: Generic binary unpacking with orders-of-magnitude performance boost (https://dl.acm.org/doi/10.1145/3243734.3243771) (October 2018) 
:star: :star:
- :notebook: Towards paving the way for large-scale Windows malware analysis: Generic binary unpacking with orders-of-magnitude performance boost (https://dl.acm.org/doi/10.1145/3243734.3243771) (October 2018) :star: :star:
- :notebook: Towards static analysis of virtualization-obfuscated binaries (2012-10) 
- :notebook: Tutorial: An overview of malware detection and evasion techniques (https://inria.hal.science/hal-01964222) (December 2018) 
- :newspaper: Two techniques for detecting packed portable executable files (https://ieeexplore.ieee.org/document/6636333) (June 2013) 
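Review bot: the unchanged entry "Towards static analysis of virtualization-obfuscated binaries (2012-10)" in this hunk uses a numeric date and carries no URL, while the other entries in the hunk use the "(Month YYYY)" form and include a link. Since the conversion is being touched anyway, normalise the date format there or fix the entry at its source, and flag link-less entries so they can be completed.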
@@ -340,8 +321,7 @@
- :notebook: VMAttack: Deobfuscating virtualization-based packed binaries (https://dl.acm.org/doi/10.1145/3098954.3098995) (August 2017) :star:
- :notebook: VMHunt: A verifiable approach to partially-virtualized binary code simplification (https://dl.acm.org/doi/10.1145/3243734.3243827) (October 2018) 
- :notebook: VMRe: A reverse framework of virtual machine protection packed binaries (https://ieeexplore.ieee.org/document/8923473) (June 2019) 
- :bar_chart: WaveAtlas: Surfing through the landscape of current malware packers (https://www.virusbulletin.com/virusbulletin/2016/12/vb2015-paper-waveatlas-surfing-through-landscape-current-malware-packers/) 
(September 2015) 
- :bar_chart: WaveAtlas: Surfing through the landscape of current malware packers (https://www.virusbulletin.com/virusbulletin/2016/12/vb2015-paper-waveatlas-surfing-through-landscape-current-malware-packers/) (September 2015) 
- :notebook: When malware is packin' heat; limits of machine learning classifiers based on static analysis features (https://www.ndss-symposium.org/wp-content/uploads/2020/02/24310.pdf) (January 2020) :star:
- :newspaper: WYSINWYX: What you see is not what you execute (https://dl.acm.org/doi/10.1145/1749608.1749612) (August 2010) 
- :newspaper: x64Unpack: Hybrid emulation unpacker for 64-bit Windows Environments and detailed analysis results on VMProtect 3.4 (https://ieeexplore.ieee.org/document/9139515) (July 2020) :star:
@@ -355,32 +335,32 @@
- Contagio (https://contagiodump.blogspot.com) - Contagio is a collection of the latest malware samples, threats, observations, and analyses.
- CyberCrime (https://cybercrime-tracker.net/vx.php) - C² tracking and malware database.
- Dataset of Packed ELF (https://github.com/dhondta/dataset-packed-elf) - Dataset of packed ELF samples.
- Dataset of Packed PE (https://github.com/dhondta/dataset-packed-pe) - Sanitized version of the original dataset, PackingData, removing packed samples from the Notpacked folder but also samples in packer 
folders that failed to be packed (having a same hash as the original unpacked executable).
- Dataset of Packed PE (https://github.com/dhondta/dataset-packed-pe) - Sanitized version of the original dataset, PackingData, removing packed samples from the Notpacked folder but also samples in packer folders that failed to be 
packed (having a same hash as the original unpacked executable).
- Ember (https://github.com/elastic/ember) - Collection of features from PE files that serve as a benchmark dataset for researchers.
- FFRI Dataset Scripts (https://github.com/FFRI/ffridataset-scripts) - Make datasets like FFRI Dataset.
- MaleX (https://github.com/Mayachitra-Inc/MaleX) - Curated dataset of malware and benign Windows executable samples for malware researchers containing 1,044,394 Windows executable binaries and corresponding 
image representations with 864,669 labelled as malware and 179,725 as benign.
- MaleX (https://github.com/Mayachitra-Inc/MaleX) - Curated dataset of malware and benign Windows executable samples for malware researchers containing 1,044,394 Windows executable binaries and corresponding image representations with 
864,669 labelled as malware and 179,725 as benign.
- Malfease (https://web.archive.org/web/20141221153307/http://malfease.oarci.net) - Dataset of about 5,000 packed malware samples.
- Malheur (https://www.sec.cs.tu-bs.de/data/malheur) - Contains the recorded behavior of malicious software (malware) and has been used for developing methods for classifying and clustering malware behavior (see
the JCS article from 2011).
- Malheur (https://www.sec.cs.tu-bs.de/data/malheur) - Contains the recorded behavior of malicious software (malware) and has been used for developing methods for classifying and clustering malware behavior (see the JCS article from 
2011).
- Malicia (http://malicia-project.com/dataset.html) - Dataset of 11,688 malicous PE files collected from 500 drive-by download servers over a period of 11 months in 2013 (DISCONTINUED).
- MalShare (https://malshare.com) - Free Malware repository providing researchers access to samples, malicious feeds, and Yara results.
- The Malware Museum (https://archive.org/details/malwaremuseum) - The Malware Museum is a collection of malware programs, usually viruses, that were distributed in the 1980s and 1990s on home computers.
- MalwareBazaar (https://bazaar.abuse.ch/browse) - Project operated by abuse.ch aimed to collect and share malware samples, helping IT-security researchers and threat analysts protecting their constituency and 
customers from cyber threats.
- MalwareBazaar (https://bazaar.abuse.ch/browse) - Project operated by abuse.ch aimed to collect and share malware samples, helping IT-security researchers and threat analysts protecting their constituency and customers from cyber 
threats.
- MalwareGallery (https://github.com/BaRRaKudaRain/MalwareGallery) - Yet another malware collection in the Internet.
- MalwareSamples (https://github.com/MalwareSamples) - Bringing you the best of the worst files on the Internet.
- MalwareTips (https://malwaretips.com/) - MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats.
- OARC Malware Dataset (https://www.dns-oarc.net) - Semi-public dataset of 3,467 samples captured in the wild from Sep 2005 to Jan 2006 by mail traps, user submissions, honeypots and other sources aggregated by 
the OARC, available to qualified academic and industry researchers upon request.
- OARC Malware Dataset (https://www.dns-oarc.net) - Semi-public dataset of 3,467 samples captured in the wild from Sep 2005 to Jan 2006 by mail traps, user submissions, honeypots and other sources aggregated by the OARC, available to 
qualified academic and industry researchers upon request.
- Open Malware Project (https://web.archive.org/web/20190116100735/http://www.offensivecomputing.net/) - Online collection of malware samples (formerly Offensive Computing).
- PackingData (https://github.com/chesvectain/PackingData) - Original dataset with sample PE files packed with a large variety of packers, including ASPack, BeRoEXEPacker, exe32pack, eXpressor, FSG, JDPack, MEW,
Molebox, MPRESS, Neolite, NSPack, Pckman, PECompact, PEtite, RLPack, UPX, WinUpack, Yoda's Crypter and Yoda's Protector.
- PackingData (https://github.com/chesvectain/PackingData) - Original dataset with sample PE files packed with a large variety of packers, including ASPack, BeRoEXEPacker, exe32pack, eXpressor, FSG, JDPack, MEW, Molebox, MPRESS, 
Neolite, NSPack, Pckman, PECompact, PEtite, RLPack, UPX, WinUpack, Yoda's Crypter and Yoda's Protector.
- Packware (https://github.com/ucsb-seclab/packware) - Datasets and codes that are needed to reproduce the experiments in the paper "When Malware is Packing Heat".
- RCE Lab (https://github.com/apuromafo/RCE_Lab) - Crackme's, keygenme's, serialme's ; the "tuts4you" folder contains many packed binaries.
- Runtime Packers Testset (https://www.researchgate.net/publication/268030543_Runtime_Packers_The_Hidden_Problem) - Dataset of 10 common Malware files, packed with about 40 different runtime packers in over 500 
versions and options, with a total of about 5,000 samples.
- Runtime Packers Testset (https://www.researchgate.net/publication/268030543_Runtime_Packers_The_Hidden_Problem) - Dataset of 10 common Malware files, packed with about 40 different runtime packers in over 500 versions and options, 
with a total of about 5,000 samples.
- SAC (https://www.sac.sk/files.php?d=7&l=) - Slovak Antivirus Center, non-commercial project of AVIR and ESET companies ; contains packers, detectors and unpackers.
- SOREL (https://github.com/sophos-ai/SOREL-20M) - Sophos-ReversingLabs 20 Million dataset.
- theZoo (https://github.com/ytisf/theZoo) - Project created to make the possibility of malware analysis open and available to the public.
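Review bot: the only change to the MalwareBazaar, OARC Malware Dataset, PackingData and Runtime Packers Testset entries is the column at which they are hard-wrapped, and the re-wrapped lines still end in a trailing space before the break (for example after "cyber" and after "available to"). If this file is produced by the conversion step, emitting each list item on a single line, or at least stripping trailing whitespace, would keep the next width change from rewriting every long entry again and would make content changes easier to spot in review.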
@@ -409,25 +389,25 @@
- Armadillo (https://web.archive.org/web/20030324043555/https://www.exetools.com/files/protectors/win/armd252b2.zip) - Incorporates both a license manager and wrapper system for protecting PE files.
- ASPack (http://www.aspack.com/aspack.html) - Advanced solution created to provide Win32 EXE file packing and to protect them against non-professional reverse engineering.
- ASProtect 32 (http://www.aspack.com/asprotect32.html) - Multifunctional EXE packing tool designed for software developers to protect 32-bit applications with in-built application copy protection system.
- ASProtect 64 (http://www.aspack.com/asprotect64.html) - Tool for protecting 64-bit applications and .NET applications for Windows against unauthorized use, industrial and home copying, professional hacking and
analysis of software products distributed over the Internet and on any physical media.
- ASProtect 64 (http://www.aspack.com/asprotect64.html) - Tool for protecting 64-bit applications and .NET applications for Windows against unauthorized use, industrial and home copying, professional hacking and analysis of software 
products distributed over the Internet and on any physical media.
- AutoIT (https://www.autoitscript.com/site) - Legitimate executable encryption service.
- AxProtector (https://www.wibu.com/us/products/protection-suite/axprotector.html) - Encrypts the complete software you aim to protect, and shields it with a security shell, AxEngine, best-of-breed 
anti-debugging and anti-disassembly methods are then injected into your software.
- AxProtector (https://www.wibu.com/us/products/protection-suite/axprotector.html) - Encrypts the complete software you aim to protect, and shields it with a security shell, AxEngine, best-of-breed anti-debugging and anti-disassembly 
methods are then injected into your software.
- BangCle (https://github.com/woxihuannisja/Bangcle) - Protection tool using the second generation Android Hardening Protection, loading the encrypted DEX file from memory dynamically.
- Bero (https://blog.rosseaux.net/page/875fbe6549aa072b5ee0ac9cefff4827/BeRoEXEPacker) - Bero EXE Packer (BEP) for 32-bit windows executables.
- BIN-crypter (https://www.autoitscript.com/forum/topic/129383-bin-crypter/) - EXE protection software against crackers and decompilers.
- BoxedApp Packer (https://www.boxedapp.com/boxedapppacker)
- Code Virtualizer (https://www.oreans.com/CodeVirtualizer.php) - Code Virtualizer is a powerful code obfuscation system for Windows, Linux and macOS applications that helps developers to protect their sensitive
code areas against Reverse Engineering with very strong obfuscation code, based on code virtualization.
- Code Virtualizer (https://www.oreans.com/CodeVirtualizer.php) - Code Virtualizer is a powerful code obfuscation system for Windows, Linux and macOS applications that helps developers to protect their sensitive code areas against 
Reverse Engineering with very strong obfuscation code, based on code virtualization.
- ConfuserEx (https://github.com/mkaring/ConfuserEx) - An open-source, free protector for .NET applications.
- Crinkler (https://github.com/runestubbe/Crinkler) - Compressing linker for Windows, specifically targeted towards executables with a size of just a few kilobytes.
- DarkCrypt (https://totalcmd.net/plugring/darkcrypttc.html) - Simply and powerful plugin for Total Commander used for file encryption using 100 algorithms and 5 modes.
- DexGuard (https://www.guardsquare.com/en/products/dexguard) - Android app obfuscation & security protocols for mobile app protection.
- DexProtector (https://dexprotector.com/) - Multi-layered RASP solution that secures your Android and iOS apps against static and dynamic analysis, illegal use and tampering.
- DotBundle (https://web.archive.org/web/20160508074421/http://www.dotbundle.com:80/download.html) - GUI tool to compress, encrypt ad password-protect a .NET application or embed .NET libraries.
- DotNetZ (https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/NETZ.shtml) - Straightforward and lightweight, command-line piece of software written in C that allows you to compress and pack 
Microsoft .NET Framework executable files.
- DotNetZ (https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/NETZ.shtml) - Straightforward and lightweight, command-line piece of software written in C that allows you to compress and pack Microsoft .NET Framework 
executable files.
- ElecKey (https://www.sciensoft.com) - Suite of software and tools that offer a complete solution for software protection, copy protection, and license management.
- ELFCrypt (https://github.com/droberson/ELFcrypt) - Simple ELF crypter using RC4 encryption.
- ELFuck (https://github.com/timhsutw/elfuck) - ELF packer for i386 original version from sk2 by sd.
@@ -440,16 +420,15 @@
- GzExe (https://git.savannah.gnu.org/cgit/gzip.git) - Utility that allows to compress executables as a shell script.
- hXOR-Packer (https://github.com/rurararura/hXOR-Packer) - PE packer with Huffman compression and XOR encryption.
- LIAPP (https://liapp.lockincomp.com) - Easiest and most powerful mobile app security solution.
- LM-X License Manager (https://www.x-formation.com/lm-x-license-manager) - LM-X License Manager lets you protect your products against piracy by enforcing various levels of security, save time, and reduce 
business risks.
- LM-X License Manager (https://www.x-formation.com/lm-x-license-manager) - LM-X License Manager lets you protect your products against piracy by enforcing various levels of security, save time, and reduce business risks.
- m0dern_p4cker (https://github.com/n4sm/m0dern_p4cker) - Just a modern packer for elf binaries ( works on linux executables only ).
- MidgetPack (https://github.com/arisada/midgetpack) - Midgetpack is a binary packer for ELF binaries, such as burneye, upx or other tools.
- MPRESS (https://www.autohotkey.com/mpress/mpress_web.htm) - Compresses (using LZMA) and protects PE, .NET or Mach-O programs against reverse engineering.
- NetCrypt (https://github.com/friedkiwi/netcrypt) - A proof-of-concept packer for .NET executables, designed to provide a starting point to explain the basic principles of runtime packing.
- .netshrink (https://www.pelock.com/products/netshrink) - Executable compressor for your Windows or Linux .NET application executable file using LZMA.
- NPack (http://www.nsdsn.com/english/nspack.zip) - Can compress 32bits and 64bits exe, dll, ocx, scr Windows program.
- Obsidium (http://www.obsidium.de/show.php?home) - Feature-rich professional software protection and licensing system designed as a cost effective and easy to implement, yet reliable and non-invasive way to 
protect your 32- and 64-bit Windows software applications and games from reverse engineering.
- Obsidium (http://www.obsidium.de/show.php?home) - Feature-rich professional software protection and licensing system designed as a cost effective and easy to implement, yet reliable and non-invasive way to protect your 32- and 64-bit 
Windows software applications and games from reverse engineering.
- Origami (https://github.com/dr4k0nia/Origami) - Packer compressing .net assemblies, (ab)using the PE format for data storage.
- OSX_Packer (https://github.com/AlysonBee/OSX_Packer) - Binary packer for the Mach-O file format.
- Pakkero (https://github.com/89luca89/pakkero) - Pakkero is a binary packer written in Go made for fun and educational purpose.
@@ -457,10 +436,9 @@
- Papaw (https://github.com/dimkr/papaw) - Permissively-licensed packer for ELF executables using LZMA Zstandard or Deflate compression.
- PE-Packer (https://github.com/czs108/PE-Packer) - Simple packer for Windows 32-bits PE files.
- PE-Toy (https://github.com/r0ngwe1/petoy) - A PE file packer.
- PELock (https://www.pelock.com) - Software protection system for Windows executable files ; protects your applications from tampering and reverse engineering, and provides extensive support for software 
license key management, including support for time trial periods.
- PePacker (https://github.com/SamLarenN/PePacker) - Simple PE Packer Which Encrypts .text Section I release a simple PE file packer which encrypts the .text section and adds a decryption stub to the end of the 
last section.
- PELock (https://www.pelock.com) - Software protection system for Windows executable files ; protects your applications from tampering and reverse engineering, and provides extensive support for software license key management, 
including support for time trial periods.
- PePacker (https://github.com/SamLarenN/PePacker) - Simple PE Packer Which Encrypts .text Section I release a simple PE file packer which encrypts the .text section and adds a decryption stub to the end of the last section.
- PEShield (https://webscene.ir/tools/show/PE-SHIELD-0.25) - PE-SHiELD is a program, which encrypts 32-bit Windows EXE files, leaving them still executable.
- PESpin (http://downloads.fyxm.net/PESpin-95477.html)
- PEtite (https://www.un4seen.com/petite/) - Free Win32 (Windows 95/98/2000/NT/XP/Vista/7/etc) executable (EXE/DLL/etc) compressor.
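Review bot: the re-wrapped PePacker entry still runs the repository title into its description ("Simple PE Packer Which Encrypts .text Section I release a simple PE file packer which encrypts the .text section ..."), so the item reads as one broken first-person sentence. Since the line is rewritten here anyway, reduce it to a single description, for example "Simple PE packer that encrypts the .text section and adds a decryption stub to the end of the last section."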
@@ -472,12 +450,11 @@
- Smart Packer (https://www.smartpacker.nl) - Packs 32 & 64bit applications with DLLs, data files, 3rd party run-time into one single executable that runs instantly, with no installs or hassles.
- Squishy (https://logicoma.io/squishy) - Modern packer developed for 64kb demoscene productions, targets 32bit and 64bit executables.
- theArk (https://github.com/aaaddress1/theArk) - Windows x86 PE Packer In C++.
- Themida (https://www.oreans.com/themida.php) - From Renovo paper: Themida converts the original x86 instructions into virtual instructions in its own randomized instruction set, and then interpret these 
virtual instructions at run-time.
- Themida (https://www.oreans.com/themida.php) - From Renovo paper: Themida converts the original x86 instructions into virtual instructions in its own randomized instruction set, and then interpret these virtual instructions at 
run-time.
- UPX (https://upx.github.io/) - Ultimate Packer for eXecutables.
- VirtualMachineObfuscationPoC (https://github.com/eaglx/VirtualMachineObfuscationPoC) - Obfuscation method using virtual machine.
- VMProtect (https://vmpsoft.com/products/vmprotect) - VMProtect protects code by executing it on a virtual machine with non-standard architecture that makes it extremely difficult to analyze and crack the 
software.
- VMProtect (https://vmpsoft.com/products/vmprotect) - VMProtect protects code by executing it on a virtual machine with non-standard architecture that makes it extremely difficult to analyze and crack the software.
- Ward (https://github.com/ex0dus-0x/ward) - Simple implementation of an ELF packer that creates stealthy droppers for loading malicious ELFs in-memory.
- xorPacker (https://github.com/nqntmqmqmb/xorPacker) - Simple packer working with all PE files which cipher your exe with a XOR implementation.
- ZProtect (http://www.jiami.net) - Renames metadata entities and supports advanced obfuscation methods that harden protection scheme and foil reverse engineering altogether.
@@ -487,13 +464,11 @@
Between 2000 and 2010
- 20to4 (http://20to4.net) - Executable compressor that is able to stuff about 20k of finest code and data into less than 4k.
- ACProtect (https://www.yaldex.com/Bestsoft/Utilities/acprotect.htm) - Application that allows to protect Windows executable files against piracy, using RSA to create and verify the registration keys and unlock
code.
- ACProtect (https://www.yaldex.com/Bestsoft/Utilities/acprotect.htm) - Application that allows to protect Windows executable files against piracy, using RSA to create and verify the registration keys and unlock code.
- AHPack (https://www.delphibasics.info/home/delphibasicscounterstrikewireleases/ahpacker01byfeuerraderahteam) - PE and PE+ file packer.
- Application Protector (https://sourceforge.net/projects/balaji/) - Tool for protecting Windows applications.
- AT4RE Protector (https://en.52yma.com/thread-5444-1-1.html) - Very simple PE files protector programmed in ASM.
- AverCryptor (https://web.archive.org/web/20071012084924/http://secnull.org) - Small and very handy utility designed to encrypt notes in which you can store any private information - it helps to hide your 
infection from antiviruses.
- AverCryptor (https://web.archive.org/web/20071012084924/http://secnull.org) - Small and very handy utility designed to encrypt notes in which you can store any private information - it helps to hide your infection from antiviruses.
- BurnEye (https://packetstormsecurity.com/files/29691/burneye-1.0-linux-static.tar.gz.html) - Burneye ELF encryption program, x86-linux binary.
- ByteBoozer (https://csdb.dk/release/?id=33093) - Commodore 64 executable packer.
- CryptExec (http://phrack.org/issues/63/13.html) - Next-generation runtime binary encryption using on-demand function extraction.
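Review bot: the AverCryptor description, joined onto one line here, combines two claims that do not fit together: "designed to encrypt notes in which you can store any private information" and "it helps to hide your infection from antiviruses". Check the text against the archived page linked in the entry and keep whichever part actually describes the tool, so the list does not present a crypter as a note-taking utility or the reverse.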
@@ -513,23 +488,21 @@
- NTPacker (https://hacking-software-free-download.blogspot.com/2013/02/nt-packer-v21.html) - PE file packer relying on aPlib for compression and/or XOR for encryption.
- PECompact (http://www.bitsum.com/pec2.asp) - Windows executable compressor featuring third-party plug-ins offering protection against reverse engineering.
- RDMC (https://www.sac.sk/download/pack/rdm006be.zip) - DMC algorithm based packer.
- RLPack (https://web.archive.org/web/20070527132336/http://rlpack.jezgra.net) - Compresses your executables and dynamic link libraries in a way that keeps them small and has no effect on compressed file 
functionality.
- RLPack (https://web.archive.org/web/20070527132336/http://rlpack.jezgra.net) - Compresses your executables and dynamic link libraries in a way that keeps them small and has no effect on compressed file functionality.
- RSCC (https://defacto2.net/f/a520164?packer=rscc) - ROSE Super COM Crypt ; polymorph cryptor for files greater than 300-400B and smaller than 60kB.
- RUCC (https://defacto2.net/f/a520164?packer=rucc) - ROSE Ultra COM Compressor ; COM and EXE compression utility based on 624.
- Sentinel HASP Envelope (https://cpl.thalesgroup.com/en-gb/software-monetization/all-products/sentinel-hasp) - Wrapping application that protects the target application with a secure shield, providing a means 
to counteract reverse engineering and other anti-debugging measures.
- Sentinel HASP Envelope (https://cpl.thalesgroup.com/en-gb/software-monetization/all-products/sentinel-hasp) - Wrapping application that protects the target application with a secure shield, providing a means to counteract reverse 
engineering and other anti-debugging measures.
- sePACKER (https://sourceforge.net/projects/sepacker/) - Simple Executable Packer is compressing executables' code section inorder to decrease size of binary files.
- Shiva (https://packetstormsecurity.com/files/31087/shiva-0.95.tar.gz.html) - Shiva is a tool to encrypt ELF executables under Linux.
- tElock (https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Telock.shtml) - Telock is a practical tool that intends to help developers who want to protect their work and reduce the size of 
the executable files.
- tElock (https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Telock.shtml) - Telock is a practical tool that intends to help developers who want to protect their work and reduce the size of the executable files.
- TTProtect (http://www.ttprotect.com) - Professional protection tool designed for software developers to protect their PE applications against illegal modification or decompilation.
- UPack (https://www.sac.sk/download/pack/upack399.rar) - Compresses Windows PE file.
- UPX-Scrambler (https://defacto2.net/f/a520164?packer=upxs) - Scrambler for files packed with UPX (up to 1.06) so that they cannot be unpacked with the '-d' option.
- WinUpack (https://www.sac.sk/download/pack/wupck039.zip) - Graphical interface for Upack, a command-line program used to create self-extracting archives from Windows PE files.
- XComp (http://www.soft-lab.de/JoKo/index_old.htm) - PE32 image file packer and rebuilder.
- Yoda Crypter (https://sourceforge.net/projects/yodap/files/Yoda%20Crypter/1.3/yC1.3.zip/download) - Supports polymorphic encryption, softice detection, anti-debug API's, anti-dumping, etc, encrypts the Import 
Table and erases PE Header.
- Yoda Crypter (https://sourceforge.net/projects/yodap/files/Yoda%20Crypter/1.3/yC1.3.zip/download) - Supports polymorphic encryption, softice detection, anti-debug API's, anti-dumping, etc, encrypts the Import Table and erases PE 
Header.
- Yoda Protector (http://yodap.sourceforge.net) - Free, open source, Windows 32-bit software protector.
@@ -549,8 +522,7 @@
- C0NtRiVER (https://defacto2.net/f/a520164?packer=c0ntriver) - COM file encryptor.
- CauseWay Compressor (https://github.com/tkchia/causeway/tree/1ead4be14c9e536262e225f090b40b0c6cded286/watcom) - DOS EXE compressor.
- CC Pro (https://defacto2.net/f/a520164?packer=ccpro) - COM and EXE executable file compression utility.
- CEXE (https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/cexe10a.zip) - Compresses an input EXE into a smaller executable (only runs on WinNT, Win2000 and above - won't 
run on Win95 or Win98).
- CEXE (https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/cexe10a.zip) - Compresses an input EXE into a smaller executable (only runs on WinNT, Win2000 and above - won't run on Win95 or Win98).
- COMProtector (https://defacto2.net/f/a520164?packer=comprotector) - Adds a security envelope around DOS .COM files by randomly encrypting it and adding several anti-debugging tricks.
- CrackStop (https://defacto2.net/f/a520164?packer=crackstop) - Tool that creates a security envelope around a DOS EXE file to protect it against crackers.
- Crunch (https://defacto2.net/f/a520164?packer=crunch) - File encryptor for COM and EXE files.
@@ -572,8 +544,8 @@
- Pack-Ice (http://files.dhs.nu/files_source/axe.zip?pack-ice)
- PCShrink (https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/pcsnk071.zip) - Windows 9x/NT executable file compressor relying on the aPLib compression library.
- PE Diminisher (https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/ped.zip) - Simple PE packer relying on the aPLib compression library.
- PE-Protector (https://web.archive.org/web/20030324043555/https://www.exetools.com/files/protectors/win/pe-protector10.zip) - Encrypter/protector for Windows 9x/ME to protect executable files PEagainst reverse 
engineering or cracking with a very strong protection.
- PE-Protector (https://web.archive.org/web/20030324043555/https://www.exetools.com/files/protectors/win/pe-protector10.zip) - Encrypter/protector for Windows 9x/ME to protect executable files PEagainst reverse engineering or cracking 
with a very strong protection.
- PEBundle (http://www.collakesoftware.com/files/pebsetup.exe) - Physically attaches DLL(s) to an executable, resolving dependencies in memory.
- PEPack (https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/pepack10.zip) - PE compression tool based on the code of a newer version of PE-SHiELD.
- PKlite (https://defacto2.net/f/a520164?packer=pklite) - Easy-to-use file compression program for compressing DOS and Windows executable files.
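Review bot: the re-wrapped PE-Protector line carries over the typo "executable files PEagainst reverse engineering", where a space or a pair of parentheses is missing around "PE". Fix it while the line is being touched, for example "to protect executable files (PE) against reverse engineering or cracking".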
@@ -615,8 +587,8 @@
- Bintropy (https://github.com/dhondta/bintropy) - Prototype analysis tool that estimates the likelihood that a binary file contains compressed or encrypted bytes.
- BinUnpack (https://doi.org/10.1145/3243734.3243771) - Unpacking approach free from tedious memory access monitoring, therefore introducing very small runtime overhead.
- Binutils (https://www.gnu.org/software/binutils) - The GNU Binutils are a collection of binary tools for Linux (it namely includes Readelf).
- BitBlaze (http://bitblaze.cs.berkeley.edu/release/index.html) - Analysis platform that features a novel fusion of static and dynamic analysis techniques, mixed concrete and symbolic execution, and whole-system
emulation and binary instrumentation, all to facilitate state-of-the art research on real security problems.
- BitBlaze (http://bitblaze.cs.berkeley.edu/release/index.html) - Analysis platform that features a novel fusion of static and dynamic analysis techniques, mixed concrete and symbolic execution, and whole-system emulation and binary 
instrumentation, all to facilitate state-of-the art research on real security problems.
- Capa (https://github.com/mandiant/capa) - Open-source tool to identify capabilities in PE, ELF or .NET executable files.
- Capstone (https://www.capstone-engine.org) - Lightweight multi-platform, multi-architecture disassembly framework.
- CFF Explorer (https://ntcore.com/?page_id=388) - PE32/64 and .NET editor, part of the Explorer Suite.
@@ -632,12 +604,11 @@
- DSFF (https://github.com/packing-box/python-dsff) - DataSet File Format for exchanging datasets and converting to ARFF (for use with Weka), CSV or Packing-Box's dataset structure.
- DynamoRIO (https://dynamorio.org) - Runtime code manipulation system that supports code transformations on any part of a program, while it executes.
- Emulator 
(https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/preventing-and-handling-virus-and-spyware-attacks-v40739
565-d49e172/how-does-the-emulator-in-symantec-endpoint-protect-v121004909-d47e230.html) - Symantec Endpoint Protector (from v14) capability to create a virtual machine on the fly to identify, detonate, and 
eliminate malware hiding inside custom malware packers.
(https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/preventing-and-handling-virus-and-spyware-attacks-v40739565-d49e172/how-does-the-
emulator-in-symantec-endpoint-protect-v121004909-d47e230.html) - Symantec Endpoint Protector (from v14) capability to create a virtual machine on the fly to identify, detonate, and eliminate malware hiding inside custom malware packers.
- EtherUnpack (https://ether.gtisc.gatech.edu/web_unpack) - Precision universal automated unpacker (successor of PolyUnpack).
- Eureka (https://web.archive.org/web/20150502154942/http://eureka.cyber-ta.org) - Binary static analysis preparation framework implementing a novel binary unpacking strategy based on statistical bigram analysis
and coarse-grained execution tracing.
- Eureka (https://web.archive.org/web/20150502154942/http://eureka.cyber-ta.org) - Binary static analysis preparation framework implementing a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained 
execution tracing.
- EXEInfo-PE (https://github.com/ExeinfoASL/ASL) - Fast detector for executable PE files.
- ExeScan (https://defacto2.net/f/ae2c42e) - Executable file analyzer which detects the most famous EXE/COM Protectors, Packers, Converters and compilers.
- EXETools (https://forum.exetools.com) - Forum for reverse engineering and executale packing related topics.
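Review bot: the Emulator entry's URL is still split by the hard wrap; the break only moves from inside "v40739565" to inside "how-does-the-emulator-in-symantec-endpoint-protect", so the link cannot be followed or copied in one piece at either width. URLs should be exempt from wrapping in the converter, with the whole address kept on one line even when it exceeds the column limit.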
@@ -654,16 +625,15 @@
- Malheur (https://github.com/rieck/malheur) - Tool for the automatic analysis of malware behavior (recorded from malicious software in a sandbox environment).
- MalUnpack (https://github.com/hasherezade/mal_unpack) - Dynamic unpacker based on PE-sieve.
- Manalyze (https://github.com/JusticeRage/Manalyze) - Robust parser for PE files with a flexible plugin architecture which allows users to statically analyze files in-depth.
- MRC (https://mandiant-red-curtain.apponic.com) - (Mandiant Red Curtain) Free software for Incident Responders that assists with the analysis of malware ; it examines executable files (e.g., .exe, .dll, and so 
on) to determine how suspicious they are based on a set of criteria.
- MRC (https://mandiant-red-curtain.apponic.com) - (Mandiant Red Curtain) Free software for Incident Responders that assists with the analysis of malware ; it examines executable files (e.g., .exe, .dll, and so on) to determine how 
suspicious they are based on a set of criteria.
- .NET Deobfuscator (https://github.com/NotPrab/.NET-Deobfuscator) - List of .NET Deobfuscators and Unpackers.
- Oedipus (https://github.com/tum-i4/Oedipus) - A Python framework that uses machine learning algorithms to implement the metadata recovery attack against obfuscated programs.
- OEPdet (https://ieeexplore.ieee.org/abstract/document/7782073) - Automated original-entry-point detector.
- OllyDbg Scripts (https://github.com/xshows/ollydbg-script) - Collection of OllyDbg scripts for unpacking many different packers.
- OmniUnpack (https://doi.org/10.1109/ACSAC.2007.15) - New technique for fast, generic, and safe unpacking of malware by monitoring the execution in real-time and detecting the removed layers of packing.
- PackerAttacker (https://github.com/BromiumLabs/PackerAttacker) - Tool that uses memory and code hooks to detect packers.
- PackerBreaker (https://www.portablefreeware.com/forums/viewtopic.php?t=21555) - Tool for helping unpack, decompress and decrypt most of the programs packed, compressed or encrypted using advanced emulation 
technology.
- PackerBreaker (https://www.portablefreeware.com/forums/viewtopic.php?t=21555) - Tool for helping unpack, decompress and decrypt most of the programs packed, compressed or encrypted using advanced emulation technology.
- PackerGrind (https://github.com/rewhy/adaptiveunpacker) - Adaptive unpacking tool for tracking packing bahaviors and unpacking Android packed apps.
- PackerID (https://github.com/sooshie/packerid) - Fork of packerid.py using PEid signatures and featuring additional output types, formats, digital signature extraction, and disassembly support.
- PackID (https://github.com/mesaleh/PackiD) - Packer identification multiplatform tool/library using the same database syntax as PEiD.
@@ -673,8 +643,7 @@
- PCjs (https://www.pcjs.org) - PCjs uses JavaScript to recreate the IBM PC experience, using original ROMs, CPUs running at their original speeds, and early IBM video cards and monitors.
- PE Compression Test (http://pect.atspace.com/) - List of packers tested on a few sample executables for comparing compressed sizes.
- PE Detective (https://ntcore.com/?page_id=367) - This GUI tool can scan single PE files or entire directories (also recursevely) and generate complete reports.
- PE-bear (https://github.com/hasherezade/pe-bear-releases) - Freeware reversing tool for PE files aimed to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE 
files.
- PE-bear (https://github.com/hasherezade/pe-bear-releases) - Freeware reversing tool for PE files aimed to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.
- PEdump (https://pedump.me/) - Dump windows PE files using Ruby.
- Pefeats (https://github.com/roussieau/masterthesis/tree/master/src/detector/tools/pefeats) - Utility for extracting 119 features from a PE file for use with machine learning algorithms.
- Pefile (https://github.com/erocarrera/pefile) - Multi-platform Python module to parse and work with Portable Executable files.
@@ -687,10 +656,10 @@
- PEscan (https://tzworks.com/prototype_page.php?proto_id=15) - CLI tool to scan PE files to identify how they were constructed.
- PETools (https://github.com/petoolse/petools) - Old-school reverse engineering tool (with a long history since 2002) for manipulating PE files.
- PEview (http://wjradburn.com/software) - Provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files.
- PExplorer (http://www.heaventools.com/overview.htm) - Most feature-packed program for inspecting the inner workings of your own software, and more importantly, third party Windows applications and libraries 
for which you do not have source code.
- Pin (https://www.intel.com/content/www/us/en/developer/articles/tool/pin-a-dynamic-binary-instrumentation-tool.html) - Dynamic binary instrumentation framework for the IA-32, x86-64 and MIC instruction-set 
architectures that enables the creation of dynamic program analysis tools.
- PExplorer (http://www.heaventools.com/overview.htm) - Most feature-packed program for inspecting the inner workings of your own software, and more importantly, third party Windows applications and libraries for which you do not have 
source code.
- Pin (https://www.intel.com/content/www/us/en/developer/articles/tool/pin-a-dynamic-binary-instrumentation-tool.html) - Dynamic binary instrumentation framework for the IA-32, x86-64 and MIC instruction-set architectures that enables 
the creation of dynamic program analysis tools.
- PINdemonium (https://github.com/Phat3/PINdemonium) - Unpacker for PE files exploiting the capabilities of PIN.
- PolyUnpack (https://github.com/PlatonovIvan/PolyUnpack) - Implemention attempt of the general approach for extracting the original hidden code of PE files without any heuristic assumptions.
- PortEx (https://github.com/katjahahn/PortEx) - Java library for static malware analysis of PE files with a focus on PE malformation robustness and anomaly detection.
@@ -704,20 +673,17 @@
- Reko (https://github.com/uxmal/reko) - Free decompiler for machine code binaries.
- REMINDer (https://doi.org/10.1109/CSA.2009.5404211) - Packing detection tool based on the entropy value of the entry point section and the WRITE attribute.
- REMnux (https://remnux.org) - Linux toolkit for reverse-engineering and analyzing malicious software.
- Renovo (https://doi.org/10.1145/1314389.1314399) - Detection tool built on top of TEMU (dynamic analysis component of BitBlaze) based on the execution of newly-generated code and monitoring memory writes after
the program starts.
- Renovo (https://doi.org/10.1145/1314389.1314399) - Detection tool built on top of TEMU (dynamic analysis component of BitBlaze) based on the execution of newly-generated code and monitoring memory writes after the program starts.
- ResourceHacker (http://angusj.com/resourcehacker) - Resource editor for 32bit and 64bit Windows applications.
- RetDec (https://github.com/avast/retdec) - Retargetable machine-code decompiler based on LLVM.
- RTD (https://www.sac.sk/download/pack/rtd_rp24.zip) - Rose Patch - TinyProt/Rosetiny Unpacker.
- RUPP (https://www.sac.sk/download/pack/rupp037.rar) - ROSE SWE UnPaCKER PaCKaGE (for DOS executables only).
- SAFE (mailto:mihai@cs.wisc.edu) - Static Analyzer For Executables (available on demand).
- ShowStopper (https://github.com/CheckPointSW/showstopper) - Tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard 
anti-debug methods.
- ShowStopper (https://github.com/CheckPointSW/showstopper) - Tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
- StudPE (http://www.cgsoftlabs.ro/studpe.html) - PE viewer and editor (32/64 bit).
- SymPack (https://www.amazon.com/Norton-AntiVirus-2007-Old-Version/dp/B000IAOIXW) - Safe, portable, largely effective but not generic library for packing detection and unpacking ; part of the Norton Antivirus 
solution.
- Titanium Platform (https://www.reversinglabs.com/products/malware-analysis-platform) - Machine learning hybrid cloud platform that harvests thousands of file types at scale, speeds threat detection through 
machine learning binary analysis, and continuously monitors an index of over 10B files for future threats.
- SymPack (https://www.amazon.com/Norton-AntiVirus-2007-Old-Version/dp/B000IAOIXW) - Safe, portable, largely effective but not generic library for packing detection and unpacking ; part of the Norton Antivirus solution.
- Titanium Platform (https://www.reversinglabs.com/products/malware-analysis-platform) - Machine learning hybrid cloud platform that harvests thousands of file types at scale, speeds threat detection through machine learning binary 
analysis, and continuously monitors an index of over 10B files for future threats.
- TrID (https://mark0.net/soft-trid-e.html) - Utility for identifying file types from their binary signatures.
- Triton (https://github.com/jonathansalwan/Triton) - Dynamic binary analysis library.
- Tuts 4 You (https://tuts4you.com) - Non-commercial, independent community dedicated to the sharing of knowledge and information on reverse code engineering.
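Review bot: the ResourceHacker and StudPE entries in this hunk link over plain http:// (http://angusj.com/resourcehacker, http://www.cgsoftlabs.ro/studpe.html), which matters more than usual here because readers follow these links to download analysis tools. Switching them to https:// where the sites support it would be worth doing while these lines are being regenerated. On the change itself: Renovo, ShowStopper and SymPack become single lines, but Titanium Platform is only re-broken at a different word ("binary" / "analysis"), so the output still depends on a wrap width and will churn again the next time that width changes.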
@@ -731,8 +697,7 @@
- VMHunt (https://github.com/s3team/VMHunt) - Set of tools for analyzing virtualized binary code ; now only supports 32 bit traces.
- VMUnpacker (https://www.leechermods.com/2010/01/vmunpacker-16-latest-version.html) - Unpacker based on the technology of virtual machine.
- Winbindex (https://github.com/m417z/winbindex) - An index of Windows binaries, including download links for executables such as EXE, DLL and SYS files.
- yarGen (https://github.com/Neo23x0/yarGen) - Generator for YARA rules - The main principle is the creation of yara rules from strings found in malware files while removing all strings that also appear in 
goodware files.
- yarGen (https://github.com/Neo23x0/yarGen) - Generator for YARA rules - The main principle is the creation of yara rules from strings found in malware files while removing all strings that also appear in goodware files.
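Review bot: the rejoined yarGen entry mixes "YARA rules" and "yara rules" in the same sentence; use "YARA" in both places. The VMHunt entry in the same hunk has a stray space before the semicolon ("binary code ; now only supports"), the same pattern as the SymPack entry earlier in the file, so a single cleanup pass in the source list would cover both.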