awesome-awesomeness/html/executablepacking.html
2025-07-18 22:22:32 +02:00

<h1 id="awesome-executable-packing-awesome">Awesome Executable Packing
<a href="https://awesome.re"><img src="https://awesome.re/badge.svg"
alt="Awesome" /></a>
<a href="https://x.com/intent/tweet?text=Awesome%20Executable%20Packing%20-%20A%20curated%20list%20of%20resources%20related%20to%20the%20packing%20of%20various%20executable%20formats%20and%20its%20detection.%0D%0Ahttps%3a%2f%2fgithub%2ecom%2fdhondta%2fawesome-executable-packing%0D%0A&hashtags=awesomelists,malware,malwareresearch,executablepacking,cybersecurity,infosec"><img id="top" src="https://img.shields.io/badge/Tweet--lightgrey?logo=twitter&style=social" alt="Tweet" height="20"/></a></h1>
<blockquote>
<p>A curated list of resources related to executable packing (including
Portable Executable, Executable and Linkable Format and others)
containing references to books, papers, blog posts, and other written
resources but also packers and tools for detecting packers and unpacking
executables.</p>
</blockquote>
<p><em>Packing</em> is the action of modifying an executable in a way
that does not modify its purpose. It is generally one or a combination
of the following operations:</p>
<ul>
<li>bundling: makes a single executable with multiple files</li>
<li>compression: compresses the executable to reduce its original
size</li>
<li>encoding: obfuscates the executable by encoding it</li>
<li>encryption: obfuscates the executable by encrypting it</li>
<li>mutation: alters the executable's code so that it uses a modified
instruction set and architecture (e.g. using oligomorphism)</li>
<li>protection: makes the reversing of the executable harder (i.e. using
anti-debugging, anti-tampering or other tricks)</li>
<li>virtualization: embeds a virtual machine that virtualizes the
executable's instructions</li>
</ul>
<h2 id="contents">Contents</h2>
<ul>
<li><a href="#books-literature">:books: Literature</a>
<ul>
<li><a href="#documentation">Documentation</a></li>
<li><a href="#scientific-research">Scientific Research</a></li>
</ul></li>
<li><a href="#bookmark_tabs-datasets">:bookmark_tabs: Datasets</a></li>
<li><a href="#package-packers">:package: Packers</a>
<ul>
<li><a href="#after-2010">After 2010</a></li>
<li><a href="#between-2000-and-2010">Between 2000 and 2010</a></li>
<li><a href="#before-2000">Before 2000</a></li>
</ul></li>
<li><a href="#wrench-tools">:wrench: Tools</a></li>
</ul>
<h2 id="books-literature">:books: Literature</h2>
<h3 id="documentation">Documentation</h3>
<ul>
<li>:earth_americas: <a
href="https://www.freebsd.org/cgi/man.cgi?a.out(5)">a.out (FreeBSD
manual pages)</a></li>
<li>:earth_americas: <a href="https://wiki.osdev.org/A.out">A.out binary
format</a></li>
<li>:earth_americas: <a href="https://anti-debug.checkpoint.com">About
anti-debug tricks</a></li>
<li>:bar_chart: <a
href="https://www.fortiguard.com/events/759/2014-06-12-android-packers-separating-from-the-pack">Android
packers: Separating from the pack</a></li>
<li>:pushpin: <a
href="https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software">Anti
debugging protection techniques with examples</a></li>
<li>:page_facing_up: <a
href="https://www.virusbulletin.com/virusbulletin/2010/11/anti-unpacker-tricks-part-fourteen/">Anti-unpacker
tricks - Part 14 (and previous parts)</a></li>
<li>:bar_chart: <a
href="https://www.blackhat.com/docs/us-15/materials/us-15-Choi-API-Deobfuscator-Resolving-Obfuscated-API-Functions-In-Modern-Packers.pdf">API
deobfuscator: Resolving obfuscated API functions in modern
packers</a></li>
<li>:green_book: <a
href="https://www.oreilly.com/library/view/the-art-of/9781118824993">The
art of memory forensics: Detecting malware and threats in Windows,
Linux, and Mac memory</a></li>
<li>:bar_chart: <a
href="https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf">The
art of unpacking</a></li>
<li>:earth_americas: <a
href="https://github.com/packing-box/awesome-executable-packing">Awesome
executable packing</a></li>
<li>:earth_americas: <a
href="https://github.com/gmh5225/awesome-llvm-security">Awesome LLVM
security</a></li>
<li>:pushpin: <a
href="https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/unpacking-hidden-malware-attacks">Cloak
and dagger: Unpacking hidden malware attacks</a></li>
<li>:book: <a
href="https://en.wikipedia.org/w/index.php?title=Cluster_analysis&amp;oldid=1148034400">Cluster
analysis</a></li>
<li>:earth_americas: <a
href="https://developers.google.com/machine-learning/clustering/clustering-algorithms">Clustering
algorithms</a></li>
<li>:earth_americas: <a href="https://wiki.osdev.org/COM">COM binary
format</a></li>
<li>:earth_americas: <a href="https://wiki.osdev.org/COFF">Common object
file format (COFF)</a></li>
<li>:earth_americas: <a
href="https://en.wikipedia.org/wiki/Comparison_of_executable_file_formats">Comparison
of executable file formats</a></li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/1702388/">A complexity
measure</a></li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/106988">Cyclomatic complexity
density and software maintenance productivity</a></li>
<li>:earth_americas: <a
href="https://defacto2.net/g/defacto2net">Defacto2</a></li>
<li>:newspaper: <a href="https://jmlr.org/papers/v15/delgado14a.html">Do
we need hundreds of classifiers to solve real world classification
problems?</a></li>
<li>:bar_chart: <a
href="https://triton.quarkslab.com/files/sthack2016-rthomas-jsalwan.pdf">Dynamic
binary analysis and obfuscated codes</a></li>
<li>:earth_americas: <a
href="https://www.freebsd.org/cgi/man.cgi?elf(5)">elf (FreeBSD manual
pages)</a></li>
<li>:pushpin: <a
href="https://n10info.blogspot.com/2014/06/entropy-and-distinctive-signs-of-packed.html">Entropy
and the distinctive signs of packer PE files</a></li>
<li>:earth_americas: <a href="https://wiki.osdev.org/ELF">Executable and
linkable format (ELF)</a></li>
<li>:clipboard: <a
href="https://refspecs.linuxfoundation.org/elf/elf.pdf">Executable and
linking format (ELF) specification</a></li>
<li>:earth_americas: <a
href="https://docs.fileformat.com/executable">Executable file
formats</a></li>
<li>:pushpin: <a
href="https://www.threatdown.com/blog/explained-packer-crypter-and-protector/">Explained:
Packer, crypter, and protector</a></li>
<li>:earth_americas: <a href="https://icculus.org/fatelf">FatELF:
Universal binaries for Linux (HALTED)</a></li>
<li>:newspaper: <a href="https://dl.acm.org/doi/10.1145/3136625">Feature
selection: A data perspective</a></li>
<li>:newspaper: <a href="https://distill.pub/2016/misread-tsne">How to
use t-SNE effectively</a></li>
<li>:clipboard: <a
href="https://www.exploit-db.com/docs/english/18849-hyperion-implementation-of-a-pe-crypter.pdf">Hyperion:
Implementation of a PE-Crypter</a></li>
<li>:scroll: <a
href="https://gsec.hitb.org/sg2015/sessions/session-001">Implementing
your own generic unpacker</a></li>
<li>:pushpin: <a href="https://redmaple.tech/blogs/macho-files">Mach-O -
A look at apple executable files</a></li>
<li>:earth_americas: <a
href="https://github.com/aidansteele/osx-abi-macho-file-format-reference">Mach-O
file format reference</a></li>
<li>:bar_chart: <a
href="https://yossarian.net/res/pub/macho-internals/macho-internals.pdf">Mach-O
internals</a></li>
<li>:book: <a
href="https://en.wikipedia.org/w/index.php?title=Machine_learning&amp;oldid=1148293340">Machine
learning</a></li>
<li>:pushpin: <a
href="https://fasterthanli.me/series/making-our-own-executable-packer">Making
our own executable packer</a></li>
<li>:newspaper: <a href="https://doi.org/10.1186/s13040-023-00322-4">The
Matthews correlation coefficient (MCC) should replace the ROC AUC as the
standard metric for assessing binary classification</a></li>
<li>:clipboard: <a
href="https://www.skyfree.org/linux/references/coff.pdf">Microsoft
portable executable and common object file format specification</a></li>
<li>:earth_americas: <a
href="https://attack.mitre.org/techniques/T1027/002">MITRE ATT&amp;CK |
T1027.002 | obfuscated files or information: Software packing -
Enterprise</a></li>
<li>:earth_americas: <a
href="https://attack.mitre.org/techniques/T1406/002">MITRE ATT&amp;CK |
T1406.002 | obfuscated files or information: Software packing -
Mobile</a></li>
<li>:earth_americas: <a href="https://wiki.osdev.org/MZ">MZ disk
operating system (DOS)</a></li>
<li>:bar_chart: <a
href="https://www.blackhat.com/eu-24/arsenal/schedule/index.html?1#notpacked-evading-static-packing-detection-42187">NotPacked++:
Evading static packing detection</a></li>
<li>:earth_americas: <a
href="https://github.com/dubuqingfeng/ollydbg-script">OllyDbg OEP finder
scripts</a></li>
<li>:bookmark: <a href="https://arxiv.org/abs/1805.08612">On the
worst-case complexity of timsort</a></li>
<li>:bar_chart: <a
href="https://www.blackhat.com/docs/us-14/materials/us-14-Mesbahi-One-Packer-To-Rule-Them-All-WP.pdf">One
packer to rule them all: Empirical identification, comparison and
circumvention of current antivirus detection techniques</a></li>
<li>:scroll: <a
href="https://www.blackhat.com/docs/us-14/materials/us-14-Mesbahi-One-Packer-To-Rule-Them-All.pdf">One
packer to rule them all: Empirical identification, comparison and
circumvention of current antivirus detection techniques</a></li>
<li>:pushpin: <a
href="https://github.com/FFRI/PackerDetectionToolEvaluation">Packer
detection tool evaluation</a></li>
<li>:page_facing_up: <a
href="https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/corkami/packers.pdf">Packers</a></li>
<li>:bar_chart: <a
href="https://www.blackhat.com/eu-23/arsenal/schedule/index.html#packing-box-breaking-detectors--visualizing-packing-35678">Packing-box:
Breaking detectors &amp; visualizing packing</a></li>
<li>:bar_chart: <a
href="https://www.blackhat.com/eu-24/arsenal/schedule/index.html?2#packing-box-improving-detection-of-executable-packing-41931">Packing-box:
Improving detection of executable packing</a></li>
<li>:bar_chart: <a
href="https://www.blackhat.com/eu-22/arsenal/schedule/index.html#packing-box-playing-with-executable-packing-29054">Packing-box:
Playing with executable packing</a></li>
<li>:pushpin: <a
href="https://lowlevelbits.org/parsing-mach-o-files">Parsing Mach-O
files</a></li>
<li>:green_book: <a
href="https://dl.acm.org/doi/10.5555/1162264">Pattern recognition and
machine learning (Information science and statistics)</a></li>
<li>:earth_americas: <a
href="https://learn.microsoft.com/en-us/windows/win32/debug/pe-format">PE
format - Win32 apps</a></li>
<li>:scroll: <a
href="https://www.blackhat.com/docs/us-16/materials/us-16-Mariani-Pindemonium-A-Dbi-Based-Generic-Unpacker-For-Windows-Executables-wp.pdf">PinDemonium:
A DBI-based generic unpacker for Windows executables</a></li>
<li>:earth_americas: <a href="https://wiki.osdev.org/PE">Portable
executable (PE)</a></li>
<li>:green_book: <a
href="https://www.oreilly.com/library/view/practical-malware-analysis/9781593272906">Practical
malware analysis: The hands-on guide to dissecting malicious
software</a></li>
<li>:pushpin: <a
href="https://mgeeky.tech/protectmytooling">ProtectMyTooling - Don't
detect tools, detect techniques</a></li>
<li>:bar_chart: <a
href="https://www.cse.tkk.fi/fi/opinnot/T-110.6220/2014_Reverse_Engineering_Malware_AND_Mobile_Platform_Security_AND_Software_Security/luennot-files/Binary%20Obfuscation%20and%20Protection.pdf">Reverse
engineering malware: Binary obfuscation and protection</a></li>
<li>:bar_chart: <a
href="https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Morgenstern.pdf">Runtime
packers: The hidden problem?</a></li>
<li>:bookmark: <a href="https://arxiv.org/abs/1403.2877">A survey of
dimensionality reduction techniques</a></li>
<li>:bar_chart: <a
href="https://www.reversinglabs.com/blackhat/TitanMist_BlackHat-USA-10-Slides.pdf">TitanMist:
Your first step to reversing nirvana</a></li>
<li>:pushpin: <a
href="https://forum.tuts4you.com/forum/155-unpackme-net">Tuts 4 you -
UnPackMe (.NET)</a></li>
<li>:pushpin: <a
href="https://forum.tuts4you.com/forum/147-unpackme">Tuts 4 you |
unpackme</a></li>
<li>:green_book: <a
href="https://pferrie.epizy.com/papers/antidebug.pdf">The “Ultimate”
anti-debugging reference</a></li>
<li>:page_facing_up: <a
href="https://sam0x90.blog/2020/06/06/unpacking-binary-101/">Unpacking
binary 101</a></li>
<li>:pushpin: <a
href="https://medium.com/@elniak/unpacking-the-potential-of-packing-box-dfd765609233">Unpacking
the potential of “Packing box”</a></li>
<li>:pushpin: <a
href="https://www.infosecinstitute.com/resources/reverse-engineering/unpacking-reversing-patching">Unpacking,
reversing, patching</a></li>
<li>:bar_chart: <a
href="https://compil2019.minesparis.psl.eu/wp-content/uploads/2019/02/BeatriceCreusillet-Obfuscation-quarkslab.pdf">Virtual
machine obfuscation</a></li>
<li>:bar_chart: <a
href="https://www.blackhat.com/asia-15/briefings.html#we-can-still-crack-you-general-unpacking-method-for-android-packer-no-root">We
can still crack you! General unpacking method for Android Packer (NO
ROOT)</a></li>
<li>:bar_chart: <a href="https://www.eurecom.fr/publication/5372">When
malware is packing heat</a></li>
<li>:clipboard: <a
href="https://securitylabs.websense.com/content/Assets/HistoryofPackingTechnology.pdf">Win32
portable executable packing uncovered</a></li>
<li>:pushpin: <a
href="https://dr4k0nia.github.io/posts/Writing-a-Packer">Writing a
packer</a></li>
<li>:pushpin: <a
href="https://wirediver.com/tutorial-writing-a-pe-packer-part-1/">Writing
a PE packer</a></li>
<li>:pushpin: <a
href="https://github.com/levanvn/Packer_Simple-1">Writing a simple PE
packer in detail</a></li>
<li>:earth_americas: <a
href="https://en.wikibooks.org/wiki/X86_Disassembly/Windows_Executable_Files">x86
disassembly/Windows executable files</a></li>
</ul>
<p align="center">
<a href="#top"><img src="https://img.shields.io/badge/Back%20to%20top--lightgrey?style=social" alt="Back to top" height="20"/></a>
</p>
<h3 id="scientific-research">Scientific Research</h3>
<ul>
<li>:newspaper: <a
href="https://link.springer.com/article/10.1007/s10489-021-02347-w">2-SPIFF:
A 2-stage packer identification method based on function call graph and
file attributes</a> (December 2021)</li>
<li>:newspaper: <a
href="https://link.springer.com/article/10.1007%2Fs00521-014-1558-4">Absent
extreme learning machine algorithm with application to packed executable
identification</a> (January 2016)</li>
<li>:newspaper: <a
href="https://www.jstage.jst.go.jp/article/transfun/E97.A/1/E97.A_253/_article">An
accurate packer identification method using support vector machine</a>
(January 2014)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/7985676">Adaptive unpacking
of Android Apps</a> (May 2017)</li>
<li>:mortar_board: <a
href="https://researchportal.rma.ac.be/en/publications?1">Advanced
feature engineering for static detection of executable packing</a> (June
2024)</li>
<li>:newspaper: <a
href="https://www.fit.vut.cz/research/publication/10531">Advanced
preprocessing of binary executable files and its usage in retargetable
decompilation</a> (December 2014)</li>
<li>:newspaper: <a
href="https://www.semanticscholar.org/paper/Adversarial-Attacks-against-Windows-PE-Malware-A-of-Ling-Wu/055d0cdce6ad5c766543c8692a9e5bd37d2ed0a4">Adversarial
attacks against Windows PE malware detection: A survey of the
state-of-the-art</a> (December 2021)</li>
<li>:newspaper: <a
href="https://dl.acm.org/doi/10.1145/3473039">Adversarial EXEmples: A
survey and experimental evaluation of practical attacks on machine
learning for Windows malware detection</a> (September 2021) :star:</li>
<li>:mortar_board: <a
href="https://dial.uclouvain.be/memoire/ucl/object/thesis:40178">Adversarial
learning on static detection techniques for executable packing</a> (June
2023) :star:</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/8553214">Adversarial malware
binaries: Evading deep learning for malware detection in executables</a>
(September 2018)</li>
<li>:mortar_board: <a
href="https://dial.uclouvain.be/memoire/ucl/en/object/thesis%3A48691">Adversarial
tool for breaking static detection of executable packing</a> (August
2024) :star:</li>
<li>:newspaper: <a
href="https://onlinelibrary.wiley.com/doi/10.1155/2019/5278137">All-in-one
framework for detection, unpacking, and verification for malware
analysis</a> (January 2019)</li>
<li>:newspaper: <a
href="https://www.sciencedirect.com/science/article/pii/S0167404823004467">Analysis
of machine learning approaches to packing detection</a> (October 2023)
:star: :star:</li>
<li>:newspaper: <a
href="https://link.springer.com/article/10.1007/s11416-017-0291-9">Anti-emulation
trends in modern packers: A survey on the evolution of anti-emulation
techniques in UPA packers</a> (May 2018)</li>
<li>:notebook: <a
href="https://pferrie.tripod.com/papers/unpackers.pdf">Anti-unpacker
tricks</a> (May 2008)</li>
<li>:mortar_board: <a href="https://scholar.dsu.edu/theses/381">An
application of machine learning to analysis of packed Mac malware</a>
(May 2022) :star:</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6707043">Application of
string kernel based support vector machine for malware packer
identification</a> (August 2013)</li>
<li>:newspaper: <a
href="https://www.semanticscholar.org/paper/The-Application-Research-of-Virtual-Machine-in-Wen-yu/fff04e0073ac2018bff5242919cdca47deacad7a">The
application research of virtual machine in packers</a> (August
2011)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-319-26362-5_17">AppSpear:
Bytecode decrypting and DEX reassembling for packed Android malware</a>
(November 2015)</li>
<li>:newspaper: <a
href="https://www.sciencedirect.com/science/article/pii/S0957417418306535">The
arms race: Adversarial search defeats entropy used to detect malware</a>
(October 2018)</li>
<li>:closed_book: <a
href="https://link.springer.com/chapter/10.1007/978-3-031-73887-6_12">Assessing
static and dynamic features for packing detection</a> (October 2024)
:star:</li>
<li>:page_facing_up: <a
href="https://arxiv.org/abs/2410.24017">Assessing the impact of packing
on machine learning-based malware detection and classification
systems</a> (October 2024) :star:</li>
<li>:mortar_board: <a
href="https://core.ac.uk/outputs/16750878">Automated static analysis of
virtual-machine packers</a> (August 2013)</li>
<li>:newspaper: <a
href="https://dl.acm.org/doi/10.5555/2011216.2011217">Automatic analysis
of malware behavior using machine learning</a> (December 2011)</li>
<li>:newspaper: <a
href="https://www.semanticscholar.org/reader/040a0020e054e050e52a829902cfe0defad8c6ac">Automatic
generation of adversarial examples for interpreting malware
classifiers</a> (March 2020)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/5328814">Automatic static
unpacking of malware binaries</a> (October 2009)</li>
<li>:newspaper: <a
href="https://www.jstage.jst.go.jp/article/transinf/E101.D/12/E101.D_2017EDP7424/_article">BareUnpack:
Generic unpacking on the bare-metal operating system</a> (December
2018)</li>
<li>:newspaper: <a
href="https://dl.acm.org/doi/10.1145/2522968.2522972">Binary-code
obfuscations in prevalent packer tools</a> (October 2013)</li>
<li>:newspaper: <a
href="http://www.ijofcs.org/abstract-v06n1-pp03.html">BinStat tool for
recognition of packed executables</a> (September 2010)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/8951062">Birds of a feature:
Intrafamily clustering for version identification of packed malware</a>
(September 2020)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-540-89862-7_1">BitBlaze:
A new approach to computer security via binary analysis</a> (December
2008)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007%2F978-3-642-34704-7_3">Boosting
scalability in anomaly-based packed executable filtering</a> (November
2011)</li>
<li>:mortar_board: <a
href="https://dial.uclouvain.be/memoire/ucl/object/thesis:45960">Building
a malware mutation tool</a> (June 2024) :star:</li>
<li>:mortar_board: <a
href="https://dial.uclouvain.be/memoire/ucl/object/thesis:40611">Building
a mutation tool for binaries: Expanding a dynamic binary rewriting tool
to obfuscate malwares</a> (June 2023) :star: :star:</li>
<li>:mortar_board: <a
href="https://dial.uclouvain.be/memoire/ucl/en/object/thesis%3A25193">Building
a smart and automated tool for packed malware detections using machine
learning</a> (June 2020)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/9312198">Bypassing
anti-analysis of commercial protector methods using DBI tools</a>
(January 2021)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/8301720/">ByteWise: A case
study in neural network obfuscation identification</a> (January
2018)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3605764.3623914">Certified
robustness of static deep learning-based malware detectors against patch
and append attacks</a> (November 2023) :star:</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007%2F978-3-319-31153-1_11">Challenging
anti-virus through evolutionary malware obfuscation</a> (April
2016)</li>
<li>:notebook: <a
href="https://ink.library.smu.edu.sg/sis_research/7354">Chosen-instruction
attack against commercial code virtualization obfuscators</a> (April
2022)</li>
<li>:newspaper: <a
href="http://www.sciencedirect.com/science/article/pii/S0167865508002110">Classification
of packed executables for accurate computer virus detection</a> (October
2008)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/9103752">Classifying packed
malware represented as control flow graphs using deep graph
convolutional neural network</a> (March 2020) :star:</li>
<li>:notebook: <a
href="https://www.semanticscholar.org/paper/Classifying-Packed-Programs-as-Malicious-Software-Osaghae/676f38819a0ed3028acce36f4f11b0c77e4cc0ae">Classifying
packed programs as malicious software detected</a> (December 2016)</li>
<li>:newspaper: <a href="https://dl.acm.org/doi/10.1145/3291061">A close
look at a daily dataset of malware samples</a> (January 2019)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/proceedings/10.1145/2030376">Collective
classification for packed executable identification</a> (September
2011)</li>
<li>:bookmark: <a
href="https://www.researchsquare.com/article/rs-3974855/v1">A compact
multi-step framework for packing identification in portable executable
files for malware analysis</a> (February 2024)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/abstract/document/8995252">A
comparative analysis of classifiers in the recognition of packed
executables</a> (November 2019)</li>
<li>:newspaper: <a
href="https://www.researchgate.net/publication/281653855_A_Comparative_Analysis_of_Software_Protection_Schemes">A
comparative analysis of software protection schemes</a> (June 2014)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/2046684.2046689">A comparative
assessment of malware classification using binary texture analysis and
dynamic analysis</a> (September 2011)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/7782073">Comparing malware
samples for unpacking: A feasibility study</a> (August 2016)</li>
<li>:mortar_board: <a
href="https://caislab.kaist.ac.kr/publication/thesis_files/2009/Thesis_Hanyoung.pdf">Complexity-based
packed executable classification with high accuracy</a> (December
2008)</li>
<li>:notebook: <a href="https://ieeexplore.ieee.org/document/9645824">A
comprehensive solution for obfuscation detection and removal based on
comparative analysis of deobfuscation tools</a> (October 2021)</li>
<li>:mortar_board: <a
href="https://raw.githubusercontent.com/jimmy-sonny/ConferencesAndTalks/master/Ms.C%20Thesis/Thesis_Marcelli.pdf">Computational-intelligence
techniques for malware generation</a> (October 2015)</li>
<li>:newspaper: <a
href="https://linkinghub.elsevier.com/retrieve/pii/S1574013721000186">Conceptual
and empirical comparison of dimensionality reduction algorithms (PCA,
KPCA, LDA, MDS, SVD, LLE, ISOMAP, LE, ICA, t-SNE)</a> (May 2021)</li>
<li>:newspaper: <a href="https://ieeexplore.ieee.org/document/8695825">A
consistently-executing graph-based approach for malware packer
identification</a> (April 2019)</li>
<li>:notebook: <a href="https://ieeexplore.ieee.org/document/8170793">A
control flow graph-based signature for packer identification</a>
(October 2017)</li>
<li>:newspaper: <a
href="https://www.sciencedirect.com/science/article/pii/S0167404814000558">Control
flow-based opcode behavior analysis for malware detection</a> (July
2014)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6181079">Countering entropy
measure attacks on packed software detection</a> (January 2012)</li>
<li>:bar_chart: <a
href="https://2008.caro.org/program/dealing-with-virtualization-packers">Dealing
with virtualization packers</a> (May 2008)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/1802.04528">Deceiving
end-to-end deep learning malware detectors using adversarial
examples</a> (January 2019)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3374664.3375741">Deceiving portable
executable malware classifiers into targeted misclassification with
practical adversarial examples</a> (March 2020)</li>
<li>:page_facing_up: <a href="https://arxiv.org/abs/2307.14657">Decoding
the secrets of machine learning in malware classification: A deep dive
into datasets, feature extraction, and model performance</a> (July 2023)
:star:</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-11145-7_19">Denial-of-service
attacks on host-based generic unpackers</a> (December 2009)</li>
<li>:mortar_board: <a
href="https://repository.arizona.edu/handle/10150/202716">Deobfuscation
of packed and virtualization-obfuscation protected binaries</a> (June
2011)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6388212">Design and
development of a new scanning core engine for malware detection</a>
(October 2012)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/5479571">Design and
performance evaluation of binary code packing for protecting embedded
software against reverse engineering</a> (May 2010)</li>
<li>:newspaper: <a
href="https://security-informatics.springeropen.com/articles/10.1186/s13388-016-0027-2">Detecting
obfuscated malware using reduced opcode set and optimised runtime
trace</a> (May 2016)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/abstract/document/7784628">Detecting
packed executable file: Supervised or anomaly detection method?</a>
(August 2016)</li>
<li>:newspaper: <a
href="https://vision.ece.ucsb.edu/sites/vision.ece.ucsb.edu/files/publications/packed-unpacked-tech-report.pdf">Detecting
packed executables based on raw binary data</a> (June 2010)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/7018361">Detecting packed
executables using steganalysis</a> (December 2014)</li>
<li>:mortar_board: <a
href="https://uia.brage.unit.no/uia-xmlui/handle/11250/2823655">Detecting
packed PE files: Executable file analysis for the Windows operating
system</a> (June 2021)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-41284-4_10">Detecting
traditional packers, decisively</a> (October 2013)</li>
<li>:newspaper: <a
href="https://doi.org/10.1186/2190-8532-1-1">Detecting unknown malicious
code by applying classification techniques on opcode patterns</a>
(February 2012)</li>
<li>:notebook: <a
href="https://link.springer.com/10.1007/978-3-030-61078-4_3">Detection
of metamorphic malware packers using multilayered LSTM networks</a>
(November 2020) :star:</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6016774">Detection of packed
executables using support vector machines</a> (July 2011)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/2490428.2490431">Detection of
packed malware</a> (August 2012)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-319-24177-7_15">DexHunter:
Toward extracting hidden code from packed Android applications</a>
(September 2015)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/8939719">Disabling
anti-debugging techniques for unpacking system in user-level
debugger</a> (October 2019)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/9144572">DroidPDF: The
obfuscation resilient packer detection framework for Android Apps</a>
(July 2020)</li>
<li>:notebook: <a href="https://hal.inria.fr/inria-00431666">Dynamic
binary instrumentation for deobfuscation and unpacking</a> (November
2009)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6703681">Dynamic
classification of packing algorithms for inspecting executables using
entropy analysis</a> (October 2013)</li>
<li>:notebook: <a href="https://ieeexplore.ieee.org/document/8959765">A
dynamic heuristic method for detecting packed malware using naive
bayes</a> (November 2019) :star:</li>
<li>:newspaper: <a
href="http://www.sciencedirect.com/science/article/pii/S0167404818311040">Effective,
efficient, and robust packing detection and classification</a> (May
2019) :star: :star: :star:</li>
<li>:newspaper: <a
href="https://academic.oup.com/comjnl/article-abstract/64/4/599/5940626">An
efficient algorithm to extract control flow-based features for IoT
malware detection</a> (April 2021)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-02617-1_32">Efficient
and automatic instrumentation for packed binaries</a> (June 2009)</li>
<li>:newspaper: <a
href="https://jise.iis.sinica.edu.tw/JISESearch/pages/View/PaperView.jsf?keyId=169_2256">Efficient
automatic original entry point detection</a> (January 2019)</li>
<li>:newspaper: <a
href="https://link.springer.com/article/10.1007%2Fs12046-015-0399-x">An
efficient block-discriminant identification of packed malware</a>
(August 2015)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6621654">Efficient malware
packer identification using support vector machines with spectrum
kernel</a> (July 2013)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/8754440">Efficient SVM based
packer identification with binary diffing measures</a> (July 2019)</li>
<li>:newspaper: <a
href="https://dl.acm.org/doi/10.5555/2150963.2150968">ELF-Miner: Using
structural knowledge and data mining methods to detect new (Linux)
malicious executables</a> (March 2012)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/1804.04637">EMBER: An open
dataset for training static PE malware machine learning models</a>
(April 2018) :star:</li>
<li>:notebook: <a
href="https://www.jstage.jst.go.jp/article/transinf/E94.D/9/E94.D_9_1778/_article">An
empirical evaluation of an unpacking method implemented with dynamic
binary instrumentation</a> (September 2011)</li>
<li>:notebook: <a
href="https://www.earticle.net/Article/A105986">Encoded executable file
detection technique via executable file header analysis</a> (April
2009)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3290480.3290494">Enhancing machine
learning based malware detection model by reinforcement learning</a>
(November 2018)</li>
<li>:notebook: <a
href="https://link.springer.com/article/10.1007/s10207-016-0330-4">Entropy
analysis to classify unknown packing algorithms for malware
detection</a> (May 2016) :star:</li>
<li>:newspaper: <a
href="https://www.scopus.com/inward/record.uri?eid=2-s2.0-85172316495&amp;doi=10.1016%2fj.tbench.2023.100106&amp;partnerID=40&amp;md5=74252d50feb21959b6563650c1c977c2">ERMDS:
A obfuscation dataset for evaluating robustness of learning-based
malware detection system</a> (May 2023)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/2388576.2388607">ESCAPE: Entropy
score analysis of packed executable</a> (October 2012)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/1455770.1455779">Ether: Malware
analysis via hardware virtualization extensions</a> (October 2008)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007%2F978-3-540-88313-5_31">Eureka:
A framework for enabling static malware analysis</a> (October 2008)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&amp;arnumber=8676031">Evading
anti-malware engines with deep reinforcement learning</a> (March
2019)</li>
<li>:notebook: <a
href="https://www.blackhat.com/us-17/briefings.html#bot-vs.-bot-for-evading-machine-learning-malware-detection">Evading
machine learning malware detection</a> (July 2017)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-031-64171-8_9">Evading
packing detection: Breaking heuristic-based static detectors</a> (July
2024) :star:</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/9237007">Experimental
comparison of machine learning models in malware packing detection</a>
(September 2020) :star:</li>
<li>:notebook: <a
href="https://docplayer.net/63501103-An-experimental-study-on-identifying-obfuscation-techniques-in-packer.html">An
experimental study on identifying obfuscation techniques in packer</a>
(June 2016)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-031-61231-2_17">Experimental
toolkit for manipulating executable packing</a> (June 2024) :star:
:star:</li>
<li>:mortar_board: <a
href="https://dial.uclouvain.be/memoire/ucl/en/object/thesis%3A35692">Experimental
toolkit for studying executable packing - Analysis of the
state-of-the-art packing detection techniques</a> (June 2022)
:star:</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/8844597">Exploring
adversarial examples in malware detection</a> (May 2019)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/761722">Fast and robust
fixed-point algorithms for independent component analysis</a> (May
1999)</li>
<li>:notebook: <a href="https://ieeexplore.ieee.org/document/5474800/">A
fast flowgraph based classification system for packed and polymorphic
malware on the endhost</a> (April 2010)</li>
<li>:notebook: <a
href="https://researchrepository.rmit.edu.au/esploro/outputs/conferenceProceeding/A-fast-randomness-test-that-preserves-local-detail/9921861589001341">A
fast randomness test that preserves local detail</a> (October 2008)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/8920059">Feature selection
for malware detection based on reinforcement learning</a> (December
2019)</li>
<li>:newspaper: <a
href="https://www.sciencedirect.com/science/article/pii/S0952197624012417">Feature
selection for packer classification based on association rule mining</a>
(August 2024) :star:</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6912767">Feature set
reduction for the detection of packed executables</a> (June 2014)</li>
<li>:newspaper: <a href="https://dl.acm.org/doi/10.1145/3530810">File
packing from the malware perspective: Techniques, analysis approaches,
and directions for enhancements</a> (December 2022) :star:</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/1495935">Fileprints:
Identifying file types by n-gram analysis</a> (June 2005)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-34129-8_49">A
fine-grained classification approach for the packed malicious code</a>
(October 2012)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/9437194">Functionality-preserving
black-box optimization of adversarial Windows malware</a> (May 2021)
:star:</li>
<li>:bookmark: <a href="http://arxiv.org/abs/1702.05983">Generating
adversarial malware examples for black-box attacks based on GAN</a>
(February 2020)</li>
<li>:notebook: <a href="https://ieeexplore.ieee.org/document/7163054">A
generic approach to automatic deobfuscation of executable code</a> (May
2015) :star:</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-030-00470-5_23">Generic
black-box end-to-end attack against state of the art API call based
malware classifiers</a> (September 2018)</li>
<li>:newspaper: <a
href="https://www.researchgate.net/publication/332594129_Generic_Packing_Detection_using_Several_Complexity_Analysis_for_Accurate_Malware_Detection?channel=doi&amp;linkId=5cbf828b299bf120977ac78a&amp;showFulltext=true">Generic
packing detection using several complexity analysis for accurate malware
detection</a> (January 2014)</li>
<li>:notebook: <a
href="https://www.semanticscholar.org/paper/Generic-Unpacker-of-Executable-Files-Milkovi/413321c5a473d59c18e861c1478cd44f88142275">Generic
unpacker of executable files</a> (April 2015)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-42054-2_74">Generic
unpacking method based on detecting original entry point</a> (November
2013)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/0905.4581">Generic
unpacking of self-modifying, aggressive, packed binary programs</a> (May
2009)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/4909168">Generic unpacking
techniques</a> (February 2009)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/5665789">Generic unpacking
using entropy analysis</a> (October 2010)</li>
<li>:notebook: <a
href="https://www.sstic.org/2016/presentation/gunpack/">Gunpack: Un
outil générique d'unpacking de malwares</a> (June 2016)</li>
<li>:newspaper: <a
href="http://ijarcs.info/index.php/Ijarcs/article/view/5526/4622">Hashing-based
encryption and anti-debugger support for packing multiple files into
single executable</a> (February 2018)</li>
<li>:notebook: <a href="https://ieeexplore.ieee.org/document/5137328">A
heuristic approach for detection of obfuscated malware</a> (June
2009)</li>
<li>:newspaper: <a
href="http://article.nadiapub.com/IJSIA/vol7_no5/24.pdf">A
heuristics-based static analysis approach for detecting packed PE
binaries</a> (October 2013)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-031-89350-6_23">Highlighting
the impact of packed executable alterations with unsupervised
learning</a> (April 2025)</li>
<li>:newspaper: <a
href="https://www.mdpi.com/2078-2489/15/2/102">Identifying malware
packers through multilayer feature engineering in static analysis</a>
(February 2024) :star:</li>
<li>:notebook: <a
href="https://www.semanticscholar.org/paper/An-Implementation-of-a-Generic-Unpacking-Method-on-HyungChanKim-Daisuke/d5c947520815105231673f1b87af57ed6abd379c">An
implementation of a generic unpacking method on Bochs Emulator</a>
(September 2009)</li>
<li>:newspaper: <a
href="https://www.mecs-press.org/ijcnis/ijcnis-v11-n9/v11n9-2.html">An
improved method for packed malware detection using PE header and section
table information</a> (September 2019)</li>
<li>:newspaper: <a
href="https://onlinelibrary.wiley.com/doi/abs/10.1002/sec.1600">Improving
malware detection using multi-view ensemble learning</a> (August
2016)</li>
<li>:scroll: <a href="https://hal.science/hal-03940881">Incremental
clustering of malware packers using features based on transformed
CFG</a> (November 2022)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/2799979.2800015">Information
theoretic method for classification of packed and encoded files</a>
(September 2015)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6956729">Instructions-based
detection of sophisticated obfuscation and packing</a> (October
2014)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/1911.02142">Intriguing
properties of adversarial ML attacks in the problem space</a> (March
2020)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/1312.6199">Intriguing
properties of neural networks</a> (February 2014)</li>
<li>:newspaper: <a
href="https://www.sciencedirect.com/science/article/pii/S1319157817300149">A
learning model to detect maliciousness of portable executable using
integrated feature set</a> (January 2017)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/1801.08917">Learning to
evade static PE machine learning malware models via reinforcement
learning</a> (January 2018)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/4413008">Limits of static
analysis for malware detection</a> (December 2007)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/2003.03100">MAB-Malware: A
reinforcement learning framework for attacking static malware
classifiers</a> (April 2021)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-030-86970-0_25">A
machine-learning-based framework for supporting malware detection and
analysis</a> (September 2021)</li>
<li>:mortar_board: <a
href="https://dspace.library.uvic.ca/handle/1828/3866">Maitland:
Analysis of packed and encrypted malware via paravirtualization
extensions</a> (June 2012)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/7497952">Mal-EVE: Static
detection model for evasive malware</a> (August 2015)</li>
<li>:newspaper: <a
href="http://www.sciencedirect.com/science/article/pii/S1742287618303736">Mal-flux:
Rendering hidden code of packed binary executable</a> (March 2019)</li>
<li>:newspaper: <a
href="https://iopscience.iop.org/article/10.1088/1757-899X/453/1/012001">Mal-XT:
Higher accuracy hidden-code extraction of packed binary executable</a>
(November 2018)</li>
<li>:newspaper: <a
href="https://iopscience.iop.org/article/10.1088/1742-6596/801/1/012058">Mal-xtract:
Hidden code extraction using memory analysis</a> (January 2017)</li>
<li>:newspaper: <a
href="https://www.sciencedirect.com/science/article/pii/S2214212622001296">MaliCage:
A packed malware family classification framework based on DNN and
GAN</a> (August 2022) :star:</li>
<li>:newspaper: <a href="https://arxiv.org/abs/1707.02691">Malware
analysis using multiple API sequence mining control flow graph</a> (July
2017)</li>
<li>:newspaper: <a
href="https://link.springer.com/article/10.1007%2Fs10207-014-0242-0">Malware
analysis using visualized images and entropy graphs</a> (February
2015)</li>
<li>:mortar_board: <a
href="https://api.semanticscholar.org/CorpusID:70282638">Malware
detection through opcode sequence analysis using machine learning</a>
(June 2015)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/8322598">Malware family
classification method based on static feature extraction</a> (December
2017)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/2016904.2016908">Malware images:
Visualization and automatic classification</a> (July 2011)</li>
<li>:notebook: <a href="http://arxiv.org/abs/1912.09064">Malware
makeover: Breaking ML-based static analysis by modifying executable
bytes</a> (May 2021)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/5633410">Malware obfuscation
techniques: A brief survey</a> (November 2010)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/2739482.2764940">Malware
obfuscation through evolutionary packers</a> (July 2015)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/6171162">Malwise - An
effective and efficient classification system for packed and polymorphic
malware</a> (June 2013)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/4721567">McBoost: Boosting
scalability in malware collection and analysis using statistical
classification of executables</a> (December 2008)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/5665794">Memory
behavior-based automatic malware unpacking in stealth debugging
environment</a> (October 2010)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/4413007">MetaAware:
Identifying metamorphic malware</a> (December 2007)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3015135.3015136">Metadata recovery
from obfuscated programs using machine learning</a> (December 2016)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3494108.3522768">MLxPack:
Investigating the effects of packers on ML-based malware detection
systems using static and dynamic traits</a> (May 2022) :star:</li>
<li>:notebook: <a
href="https://www.eurecom.fr/fr/publication/5584">Modern Linux malware
exposed</a> (June 2018)</li>
<li>:newspaper: <a
href="https://www.sciencedirect.com/science/article/pii/S2214212624002643">MSG:
Missing-sequence generator for metamorphic malware detection</a> (March
2025)</li>
<li>:notebook: <a
href="https://www.usenix.org/conference/atc13/technical-sessions/presentation/hu">MutantX-S:
Scalable malware clustering based on static features</a> (June
2013)</li>
<li>:notebook: <a href="https://www.earticle.net/Article/A147420">The
new signature generation method based on an unpacking algorithm and
procedure for a packer detection</a> (February 2011)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/1511.04317">Novel feature
extraction, selection and fusion for effective malware family
classification</a> (March 2016)</li>
<li>:notebook: <a
href="https://www.usenix.org/conference/usenixsecurity21/presentation/cheng-binlin">Obfuscation-resilient
executable payload extraction from packed malware</a> (August 2021)
:star:</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/5975134">Obfuscation: The
hidden malware</a> (August 2011)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3371307.3371309">Obfuscation: Where
are we in anti-DSE protections? (a first attempt)</a> (December
2019)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/7174804">Obfuscator-LLVM:
Software protection for the masses</a> (May 2015)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/4413009">OmniUnpack: Fast,
generic, and safe unpacking of malware</a> (December 2007) :star:</li>
<li>:newspaper: <a href="https://arxiv.org/abs/2208.06092">On deceiving
malware classification with section injection</a> (August 2022)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/1902.06705">On evaluating
adversarial robustness</a> (February 2019)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/3-540-44647-8_1">On the
(Im)possibility of obfuscating programs</a> (August 2001)</li>
<li>:newspaper: <a
href="https://www.sciencedirect.com/science/article/pii/S0167404814000522?via%3Dihub">On
the adoption of anomaly detection for packed executable filtering</a>
(June 2014)</li>
<li>:newspaper: <a
href="https://linkinghub.elsevier.com/retrieve/pii/S0020025511004336">Opcode
sequences as representation of executables for data-mining-based unknown
malware detection</a> (May 2013)</li>
<li>:newspaper: <a
href="https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.016865">Opcodes
as predictor for malware</a> (January 2008)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-33018-6_28">OPEM:
A static-dynamic approach for machine-learning-based malware
detection</a> (September 2012)</li>
<li>:newspaper: <a
href="https://link.springer.com/chapter/10.1007/978-3-031-57537-2_22">Original
entry point detection based on graph similarity</a> (April 2024)</li>
<li>:newspaper: <a
href="https://www.jstage.jst.go.jp/article/transinf/E98.D/4/E98.D_2014EDP7268/_article">An
original entry point detection method with candidate-sorting for more
effective generic unpacking</a> (January 2015)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/10793050">Packed code
detection using Shannon entropy and homomorphic encrypted
executables</a> (October 2024)</li>
<li>:newspaper: <a
href="https://www.semanticscholar.org/paper/7bc891420300f6e4c4d97d19a14d5c6a4dd422f0">Packed
malware detection using entropy related analysis: A survey</a> (November
2015)</li>
<li>:newspaper: <a
href="https://www.matec-conferences.org/articles/matecconf/abs/2020/05/matecconf_cscns2020_02002/matecconf_cscns2020_02002.html">Packed
malware variants detection using deep belief networks</a> (March
2020)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/5404211">Packed PE file
detection for malware forensics</a> (December 2009)</li>
<li>:newspaper: <a
href="https://www.sans.org/reading-room/whitepapers/malicious/packer-analysis-report-debugging-unpacking-nspack-34-37-packer-33428">Packer
analysis report debugging and unpacking the NsPack 3.4 and 3.7
packer</a> (June 2010)</li>
<li>:newspaper: <a
href="https://www.sciencedirect.com/science/article/pii/S1568494622005245">Packer
classification based on association rule mining</a> (July 2022)
:star:</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/2746194.2746213">Packer classifier
based on PE header information</a> (April 2015)</li>
<li>:newspaper: <a href="https://www.mdpi.com/1099-4300/19/3/125">Packer
detection for multi-layer executables using entropy analysis</a> (March
2017) :star:</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3151137.3160687">Packer
identification based on metadata signature</a> (December 2017)</li>
<li>:notebook: <a
href="https://onlinelibrary.wiley.com/doi/abs/10.1002/cpe.5082">Packer
identification method based on byte sequences</a> (November 2018)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/9366089">Packer
identification method for multi-layer executables with k-Nearest
neighbor of entropies</a> (October 2020) :star:</li>
<li>:notebook: <a
href="https://link.springer.com/article/10.1007/s11416-015-0249-8">Packer
identification using byte plot and Markov plot</a> (September 2015)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-319-69456-6_8">Packer
identification using hidden Markov model</a> (November 2017)</li>
<li>:mortar_board: <a
href="https://webthesis.biblio.polito.it/7519/">Packer-complexity
analysis in PANDA</a> (January 2018)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3576915.3616625">PackGenome:
Automatically generating robust YARA rules for accurate malware packer
detection</a> (November 2023) :star:</li>
<li>:bookmark: <a
href="https://re.public.polimi.it/handle/11311/1284225">PackHero: A
scalable graph-based approach for efficient packer identification</a>
(July 2025)</li>
<li>:mortar_board: <a
href="https://theses.hal.science/tel-03781104">Packing detection and
classification relying on machine learning to stop malware
propagation</a> (December 2021)</li>
<li>:mortar_board: <a
href="https://www.researchgate.net/publication/268355151_Pandora%27s_Bochs_Automatic_Unpacking_of_Malware">Pandora's
Bochs: Automatic unpacking of malware</a> (January 2008)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-14081-5_23">Pattern
recognition techniques for the classification of malware packers</a>
(July 2010)</li>
<li>:newspaper: <a href="https://www.ijcte.org/show-42-485-1.html">PE
file features in detection of packed executables</a> (January 2012)</li>
<li>:notebook: <a href="https://ieeexplore.ieee.org/document/4654055">PE
file header analysis-based packed PE file detection technique (PHAD)</a>
(October 2008)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-04342-0_7">PE-Miner:
Mining structural information to detect malicious executables in
realtime</a> (September 2009)</li>
<li>:notebook: <a
href="https://www.semanticscholar.org/paper/PE-Probe%3A-Leveraging-Packer-Detection-and-to-Detect-Shafiq-Tabish/9811ec751f2b5bb41ee46c0ee2a3b6eccc39bb9a">PE-Probe:
Leveraging packer detection and structural information to detect
malicious portable executables</a> (June 2009)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-29280-4_28">PEAL
- Packed executable analysis</a> (January 2012)</li>
<li>:newspaper: <a
href="https://link.springer.com/article/10.1007/s11416-022-00417-2">PEzoNG:
Advanced packer for automated evasion on Windows</a> (December
2022)</li>
<li>:newspaper: <a
href="https://dl.acm.org/doi/10.1145/3643456">Pitfalls in machine
learning for computer security</a> (October 2024)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.5555/1855876.1855885">PolyPack: An
automated online packing service for optimal antivirus evasion</a>
(August 2009)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/4041175">PolyUnpack:
Automating the hidden-code extraction of unpack-executing malware</a>
(December 2006) :star2: :star2: :star2:</li>
<li>:newspaper: <a
href="http://ieeexplore.ieee.org/document/6473885/">Potent and stealthy
control flow obfuscation by stack based self-modifying code</a> (April
2013)</li>
<li>:newspaper: <a href="https://arxiv.org/abs/2207.05548">Practical
attacks on machine learning: A case study on adversarial Windows
malware</a> (September 2022)</li>
<li>:notebook: <a
href="https://www.fit.vut.cz/research/publication/10200">Preprocessing
of binary executable files towards retargetable decompilation</a> (July
2013)</li>
<li>:notebook: <a
href="https://www.ndss-symposium.org/wp-content/uploads/2020/02/24297.pdf">Prevalence
and impact of low-entropy packing schemes in the malware ecosystem</a>
(February 2020) :star:</li>
<li>:bar_chart: <a
href="http://webdiis.unizar.es/~ricardo/files/slides/industrial/slides_NcN-15.pdf">Qualitative
and quantitative evaluation of software packers</a> (December 2015)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-319-40667-1_10">RAMBO:
Run-Time packer analysis with multiple branch observation</a> (July
2016) :star:</li>
<li>:mortar_board: <a
href="https://scispace.com/papers/reform-a-framework-for-malware-packer-analysis-using-2muwuyaeox">REFORM:
A framework for malware packer analysis using information theory and
statistical methods</a> (April 2010)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/1314389.1314399">Renovo: A hidden
code extractor for packed executables</a> (November 2007) :star:
:star:</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/7888727">RePEconstruct:
Reconstructing binaries with self-modifying code and import address
table destruction</a> (October 2016)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6016777">RePEF — A system for
restoring packed executable file for malware analysis</a> (July
2011)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/5231651">Research and
implementation of compression shell unpacking technology for PE file</a>
(May 2009)</li>
<li>:newspaper: <a
href="https://www.semanticscholar.org/paper/Research-and-Implementation-of-Packing-Technology-Senlin/c973f26f2ac8c1861cc5d714f0d579135fa1491e">Research
and implementation of packing technology for PE files</a> (January
2013)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-981-15-8086-4_8">Research
of software information hiding algorithm based on packing technology</a>
(September 2020)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/4639028">Revealing packed
malware</a> (September 2008)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/5645447">Reverse engineering
self-modifying code: Unpacker extraction</a> (October 2010)</li>
<li>:mortar_board: <a
href="https://repo.zenk-security.com/Virus-Infections-Detections-Preventions/Robust%20Static%20Analysis%20ofPortable%20ExecutableMalware.pdf">Robust
static analysis of portable executable malware</a> (December 2014)</li>
<li>:bar_chart: <a
href="https://docs.google.com/a/caro.org/viewer?a=v&amp;pid=sites&amp;srcid=Y2Fyby5vcmd8Y2Fyby13b3Jrc2hvcC0yMDA4fGd4OjZkNzk3MmI2YjZlMWMxZGI">Runtime
packers testing experiences</a> (May 2008)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3338503.3357721">SATURN - Software
deobfuscation framework based on LLVM</a> (November 2019)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/9139493">SCORE: Source code
optimization &amp; reconstruction</a> (July 2020)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3422337.3447848">SE-PAC: A
self-evolving packer classifier against rapid packers evolution</a>
(April 2021) :star:</li>
<li>:newspaper: <a
href="https://link.springer.com/article/10.1007%2Fs11416-007-0046-0">Secure
and advanced unpacking using computer emulation</a> (August 2007)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6060027">Semi-supervised
learning for packed executable detection</a> (September 2011)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-19934-9_53">Semi-supervised
learning for unknown malware detection</a> (April 2011)</li>
<li>:newspaper: <a
href="https://cybersecurity.springeropen.com/articles/10.1186/s42400-018-0010-y">Sensitive
system calls based packed malware variants detection using principal
component initialized multilayers neural networks</a> (September
2018)</li>
<li>:newspaper: <a
href="https://www.sciencedirect.com/science/article/pii/S0045790622000210">Sequential
opcode embedding-based malware detection method</a> (March 2022)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/7546500">SoK: (state of) the
art of war: Offensive techniques in binary analysis</a> (May 2016)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3465481.3465772">SoK: Automatic
deobfuscation of virtualization-protected applications</a> (August
2021)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/7163053">SoK: Deep packer
inspection: A longitudinal study of the complexity of run-time
packers</a> (May 2015) :star: :star:</li>
<li>:mortar_board: <a
href="https://api.semanticscholar.org/CorpusID:113759144">Source-free
binary mutation for offense and defense</a> (December 2014)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/2490428.2490442">SPADE: Signature
based packer detection</a> (August 2012)</li>
<li>:newspaper: <a
href="http://pferrie.epizy.com/papers/con2010.htm">Standards and
policies on packer use</a> (October 2010)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/8923331">Static analysis
method on portable executable files for REMNUX based malware
identification</a> (October 2019)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.5555/1251353.1251365">Static analysis of
executables to detect malicious patterns</a> (August 2003)</li>
<li>:mortar_board: <a href="https://www.ecam.be?1">Static features
exploration for executable packing with unsupervised learning</a> (June
2023)</li>
<li>:newspaper: <a href="http://arxiv.org/abs/1806.04773">Static malware
detection &amp; subterfuge: Quantifying the robustness of machine
learning and current anti-virus</a> (June 2018)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-642-37300-8_6">A
static, packer-agnostic filter to detect similar malware samples</a>
(July 2012)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007%2F978-3-642-21323-6_29">Structural
feature based anomaly detection for packed executable identification</a>
(June 2011)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6280206">The study of evasion
of packed PE from static detection</a> (June 2012)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-540-87403-4_6">A
study of the packer problem and its solutions</a> (September 2008)
:star:</li>
<li>:bookmark: <a href="https://arxiv.org/abs/2111.08223">A survey on
adversarial attacks for malware analysis</a> (January 2022)</li>
<li>:notebook: <a href="https://ieeexplore.ieee.org/document/9718826">A
survey on machine learning-based detection and classification technology
of malware</a> (September 2021)</li>
<li>:newspaper: <a
href="https://ijaseit.insightsociety.org/index.php/ijaseit/article/view/6827">A
survey on malware analysis techniques: Static, dynamic, hybrid and
memory analysis</a> (September 2018)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/abstract/document/6174775">Survey on
malware evasion techniques: State of the art and challenges</a>
(February 2012)</li>
<li>:newspaper: <a
href="https://link.springer.com/article/10.1007/s10207-023-00759-y">A
survey on run-time packers and mitigation techniques</a> (November 2023)
:star:</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-319-93411-2_17">Symbolic
deobfuscation: From virtualized code back to the original</a> (July
2018)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/2810103.2813663">Symbolic execution
of obfuscated code</a> (October 2015) :star:</li>
<li>:notebook: <a
href="https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/blazytko">Syntia:
Synthesizing the semantics of obfuscated code</a> (August 2017)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/1610.00768">Technical
report on the cleverhans v2.1.0 adversarial examples library</a> (June
2018)</li>
<li>:notebook: <a
href="https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_04A-4_Duan_paper.pdf">Things
you may not know about Android (Un)packers: A systematic study based on
whole-system emulation</a> (February 2018)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/1972551.1972556">Thwarting
real-time dynamic unpacking</a> (January 2011)</li>
<li>:notebook: <a href="https://ieeexplore.ieee.org/document/7280213">A
token strengthened encryption packer to prevent reverse engineering PE
files</a> (January 2015)</li>
<li>:notebook: <a
href="https://www.researchgate.net/publication/255608911_Toward_Generic_Unpacking_Techniques_for_Malware_Analysis_with_Quantification_of_Code_Revelation">Toward
generic unpacking techniques for malware analysis with quantification of
code revelation</a> (August 2009)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3243734.3243771">Towards paving the
way for large-scale Windows malware analysis: Generic binary unpacking
with orders-of-magnitude performance boost</a> (October 2018)
:star:</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/6385102">Towards static
analysis of virtualization-obfuscated binaries</a> (October 2012)</li>
<li>:bookmark: <a href="https://arxiv.org/abs/2010.03856">Transcending
transcend: Revisiting malware classification in the presence of concept
drift</a> (December 2021)</li>
<li>:notebook: <a
href="https://inria.hal.science/hal-01964222">Tutorial: An overview of
malware detection and evasion techniques</a> (December 2018)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/6636333">Two techniques for
detecting packed portable executable files</a> (June 2013)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/5665795">Unconditional
self-modifying code elimination with dynamic compiler optimizations</a>
(October 2010)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/8418602">Understanding Linux
malware</a> (May 2018) :star:</li>
<li>:notebook: <a
href="http://link.springer.com/10.1007/978-3-540-89900-6_21">Unknown
malcode detection using OPCODE representation</a> (December 2008)</li>
<li>:notebook: <a href="https://ieeexplore.ieee.org/document/5374512">A
unpacking and reconstruction system-agunpacker</a> (January 2009)</li>
<li>:mortar_board: <a
href="https://repositorio-aberto.up.pt/bitstream/10216/68815/2/25935.pdf">Unpacking
framework for packed malicious executables</a> (July 2013)</li>
<li>:closed_book: <a
href="https://link.springer.com/chapter/10.1007/978-3-031-66245-4_13">Unpacking
malware in the real world: A step-by-step guide</a> (July 2024)</li>
<li>:newspaper: <a
href="https://www.scientific.net/AMM.198-199.343">Unpacking techniques
and tools in malware analysis</a> (September 2012)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.5555/1855876.1855877">Unpacking
virtualization obfuscators</a> (August 2009)</li>
<li>:mortar_board: <a
href="https://dial.uclouvain.be/memoire/ucl/en/object/thesis%3A35687">Unsupervised
clustering machine learning on packed executable</a> (June 2022)</li>
<li>:newspaper: <a
href="https://onlinelibrary.wiley.com/doi/abs/10.1002/spe.2622">UnThemida:
Commercial obfuscation technique analysis with a fully obfuscated
program</a> (July 2018)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/4140989">Using entropy
analysis to find encrypted and packed malware</a> (March 2007)</li>
<li>:notebook: <a
href="https://link.springer.com/chapter/10.1007/978-3-030-78621-2_6">VABox:
A virtualization-based analysis framework of virtualization-obfuscated
packed executables</a> (June 2021)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3098954.3098995">VMAttack:
Deobfuscating virtualization-based packed binaries</a> (August
2017)</li>
<li>:notebook: <a
href="https://dl.acm.org/doi/10.1145/3243734.3243827">VMHunt: A
verifiable approach to partially-virtualized binary code
simplification</a> (October 2018)</li>
<li>:notebook: <a
href="https://ieeexplore.ieee.org/document/8923473">VMRe: A reverse
framework of virtual machine protection packed binaries</a> (June
2019)</li>
<li>:bar_chart: <a
href="https://www.virusbulletin.com/virusbulletin/2016/12/vb2015-paper-waveatlas-surfing-through-landscape-current-malware-packers/">WaveAtlas:
Surfing through the landscape of current malware packers</a> (September
2015)</li>
<li>:notebook: <a
href="https://www.ndss-symposium.org/wp-content/uploads/2020/02/24310.pdf">When
malware is packin' heat; limits of machine learning classifiers based on
static analysis features</a> (January 2020) :star: :star:</li>
<li>:newspaper: <a
href="https://dl.acm.org/doi/10.1145/1749608.1749612">WYSINWYX: What you
see is not what you execute</a> (August 2010)</li>
<li>:newspaper: <a
href="https://ieeexplore.ieee.org/document/9139515">x64Unpack: Hybrid
emulation unpacker for 64-bit Windows Environments and detailed analysis
results on VMProtect 3.4</a> (July 2020)</li>
</ul>
<h2 id="bookmark_tabs-datasets">:bookmark_tabs: Datasets</h2>
<ul>
<li><a href="https://github.com/whyisyoung/BODMAS">BODMAS</a> - Code for
our DLS21 paper - BODMAS: An Open Dataset for Learning based Temporal
Analysis of PE Malware.</li>
<li><a href="https://contagiodump.blogspot.com">Contagio</a> - Contagio
is a collection of the latest malware samples, threats, observations,
and analyses.</li>
<li><a href="https://cybercrime-tracker.net/vx.php">CyberCrime</a> - C²
tracking and malware database.</li>
<li><a href="https://github.com/dhondta/dataset-packed-elf">Dataset of
Packed ELF</a> - Dataset of packed ELF samples.</li>
<li><a href="https://github.com/dhondta/dataset-packed-pe">Dataset of
Packed PE</a> - Sanitized version of the original dataset, PackingData,
removing packed samples from the Notpacked folder but also samples in
packer folders that failed to be packed (having the same hash as the
original unpacked executable).</li>
<li><a href="https://github.com/elastic/ember">Ember</a> - Collection of
features from PE files that serve as a benchmark dataset for
researchers.</li>
<li><a href="https://github.com/FFRI/ffridataset-scripts">FFRI Dataset
Scripts</a> - Make datasets like FFRI Dataset.</li>
<li><a href="https://github.com/Mayachitra-Inc/MaleX">MaleX</a> -
Curated dataset of malware and benign Windows executable samples for
malware researchers containing 1,044,394 Windows executable binaries and
corresponding image representations with 864,669 labelled as malware and
179,725 as benign.</li>
<li><a
href="https://web.archive.org/web/20141221153307/http://malfease.oarci.net">Malfease</a>
- Dataset of about 5,000 packed malware samples.</li>
<li><a
href="https://web.archive.org/web/20240928172928/https://www.sec.cs.tu-bs.de/data/malheur">Malheur</a>
- Contains the recorded behavior of malicious software (malware) and has
been used for developing methods for classifying and clustering malware
behavior (see the JCS article from 2011).</li>
<li><a
href="https://web.archive.org/web/20220615143940/http://malicia-project.com/dataset.html">Malicia</a>
- Dataset of 11,688 malicious PE files collected from 500 drive-by
download servers over a period of 11 months in 2013 (DISCONTINUED).</li>
<li><a href="https://malshare.com">MalShare</a> - Free Malware
repository providing researchers access to samples, malicious feeds, and
Yara results.</li>
<li><a href="https://github.com/jstrosch/malware-samples">Malware
Archive</a> - Malware samples, analysis exercises and other interesting
resources.</li>
<li><a href="https://archive.org/details/malwaremuseum">The Malware
Museum</a> - The Malware Museum is a collection of malware programs,
usually viruses, that were distributed in the 1980s and 1990s on home
computers.</li>
<li><a href="https://bazaar.abuse.ch/browse">MalwareBazaar</a> - Project
operated by abuse.ch aimed to collect and share malware samples, helping
IT-security researchers and threat analysts protect their
constituency and customers from cyber threats.</li>
<li><a href="https://www.malwaregallery.com">MalwareGallery</a> - Yet
another malware collection on the Internet.</li>
<li><a href="https://github.com/MalwareSamples">MalwareSamples</a> -
Bringing you the best of the worst files on the Internet.</li>
<li><a href="https://malwaretips.com">MalwareTips</a> - MalwareTips is a
community-driven platform providing the latest information and resources
on malware and cyber threats.</li>
<li><a href="https://www.dns-oarc.net">OARC Malware Dataset</a> -
Semi-public dataset of 3,467 samples captured in the wild from Sep 2005
to Jan 2006 by mail traps, user submissions, honeypots and other sources
aggregated by the OARC, available to qualified academic and industry
researchers upon request.</li>
<li><a
href="https://web.archive.org/web/20190116100735/http://www.offensivecomputing.net/">Open
Malware Project</a> - Online collection of malware samples (formerly
Offensive Computing).</li>
<li><a href="https://github.com/chesvectain/PackingData">PackingData</a>
- Original dataset with sample PE files packed with a large variety of
packers, including ASPack, BeRoEXEPacker, exe32pack, eXpressor, FSG,
JDPack, MEW, Molebox, MPRESS, Neolite, NSPack, Pckman, PECompact,
PEtite, RLPack, UPX, WinUpack, Yoda's Crypter and Yoda's Protector.</li>
<li><a href="https://github.com/ucsb-seclab/packware">Packware</a> -
Datasets and codes that are needed to reproduce the experiments in the
paper “When Malware is Packing Heat”.</li>
<li><a href="https://github.com/apuromafo/RCE_Lab">RCE Lab</a> -
Crackmes, keygenmes, serialmes; the “tuts4you” folder contains many
packed binaries.</li>
<li><a
href="https://www.researchgate.net/publication/268030543_Runtime_Packers_The_Hidden_Problem">Runtime
Packers Testset</a> - Dataset of 10 common Malware files, packed with
about 40 different runtime packers in over 500 versions and options,
with a total of about 5,000 samples.</li>
<li><a href="https://www.sac.sk/files.php?d=7&amp;l=">SAC</a> - Slovak
Antivirus Center, non-commercial project of AVIR and ESET companies;
contains packers, detectors and unpackers.</li>
<li><a href="https://github.com/sophos-ai/SOREL-20M">SOREL</a> -
Sophos-ReversingLabs 20 Million dataset.</li>
<li><a href="https://github.com/ytisf/theZoo">theZoo</a> - Project
created to make the possibility of malware analysis open and available
to the public.</li>
<li><a
href="https://web.archive.org/web/20200615094642/http://www.virusign.com/">ViruSign</a>
- Another online malware database.</li>
<li><a href="https://www.virussamples.com">VirusSamples</a> - Best of
the worst kind of files on the Internet.</li>
<li><a href="https://virusshare.com">VirusShare</a> - Virus online
database with more than 44 million samples.</li>
<li><a href="https://www.virussign.com">VirusSign</a> - Giant database
dedicated to combating malware in the digital world.</li>
<li><a href="https://www.virustotal.com/gui/">VirusTotal</a> - File
analysis Web service for detecting malware.</li>
<li><a
href="https://web.archive.org/web/20170817143838/http://vxheaven.org/">VX
Heaven</a> - Site dedicated to providing information about computer
viruses.</li>
<li><a href="https://vx-underground.org/Samples">VX Underground</a> -
PL-CERT based open source MWDB python application holding a malware
database containing every APT sample from 2010 and over 7.5M
malicious binaries.</li>
<li><a href="http://vxvault.net/ViriList.php">VXvault</a> - Online
malware database.</li>
<li><a
href="https://web.archive.org/web/20220927214837/http://www.wildlist.org/CurrentList.txt">WildList</a>
- Cooperative listing of malware reported as being in the wild by
security professionals.</li>
</ul>
<h2 id="package-packers">:package: Packers</h2>
<h3 id="after-2010">After 2010</h3>
<ul>
<li><a href="https://alienyze.com">Alienyze</a> - Advanced software
protection and security for Windows 32-bit executables.</li>
<li><a
href="https://www.alternate-tools.com/pages/c_exepacker.php">Alternate
EXE Packer</a> - Compression tool for executable files (type EXE) or
DLLs relying on UPX 3.96.</li>
<li><a href="https://github.com/EgeBalci/amber/releases">Amber</a> -
Position-independent (reflective) PE loader that enables in-memory
execution of native PE files (EXE, DLL, SYS).</li>
<li><a
href="https://blog.morphisec.com/andromeda-tactics-analyzed">Andromeda</a>
- Custom packer used in malware campaigns using RunPE techniques for
evading AV mitigation methods.</li>
<li><a href="https://sourceforge.net/projects/apkprotect">APKProtect</a>
- APK encryption and shell protection supporting Java and C++.</li>
<li><a
href="https://web.archive.org/web/20030324043555/https://www.exetools.com/files/protectors/win/armd252b2.zip">Armadillo</a>
- Incorporates both a license manager and wrapper system for protecting
PE files.</li>
<li><a href="https://github.com/DosX-dev/ASM-Guard">ASM Guard</a> -
Packer utility for compressing and complicating reversing compiled
native code (native files), protecting resources, adding DRM, and
packing into an optimized loader.</li>
<li><a href="http://www.aspack.com/aspack.html">ASPack</a> - Advanced
solution created to provide Win32 EXE file packing and to protect them
against non-professional reverse engineering.</li>
<li><a href="http://www.aspack.com/asprotect32.html">ASProtect 32</a> -
Multifunctional EXE packing tool designed for software developers to
protect 32-bit applications with in-built application copy protection
system.</li>
<li><a href="http://www.aspack.com/asprotect64.html">ASProtect 64</a> -
Tool for protecting 64-bit applications and .NET applications for
Windows against unauthorized use, industrial and home copying,
professional hacking and analysis of software products distributed over
the Internet and on any physical media.</li>
<li><a href="https://github.com/DosX-dev/Astral-PE">Astral-PE</a> -
Low-level mutator (Headers/EP obfuscator) for native Windows PE files
(x32/x64).</li>
<li><a href="https://www.autoitscript.com/site">AutoIT</a> - Legitimate
executable encryption service.</li>
<li><a
href="https://www.wibu.com/us/products/protection-suite/axprotector.html">AxProtector</a>
- Encrypts the complete software you aim to protect and shields it with
a security shell, AxEngine; best-of-breed anti-debugging and
anti-disassembly methods are then injected into your software.</li>
<li><a href="https://github.com/woxihuannisja/Bangcle">BangCle</a> -
Protection tool using the second generation Android Hardening
Protection, loading the encrypted DEX file from memory dynamically.</li>
<li><a
href="https://blog.rosseaux.net/page/875fbe6549aa072b5ee0ac9cefff4827/BeRoEXEPacker">Bero</a>
- Bero EXE Packer (BEP) for 32-bit windows executables.</li>
<li><a
href="https://www.autoitscript.com/forum/topic/129383-bin-crypter/">BIN-crypter</a>
- EXE protection software against crackers and decompilers.</li>
<li><a href="https://www.boxedapp.com/boxedapppacker">BoxedApp
Packer</a></li>
<li><a href="https://www.oreans.com/CodeVirtualizer.php">Code
Virtualizer</a> - Code Virtualizer is a powerful code obfuscation system
for Windows, Linux and macOS applications that helps developers to
protect their sensitive code areas against Reverse Engineering with very
strong obfuscation code, based on code virtualization.</li>
<li><a href="https://github.com/mkaring/ConfuserEx">ConfuserEx</a> - An
open-source, free protector for .NET applications.</li>
<li><a href="https://github.com/runestubbe/Crinkler">Crinkler</a> -
Compressing linker for Windows, specifically targeted towards
executables with a size of just a few kilobytes.</li>
<li><a
href="https://totalcmd.net/plugring/darkcrypttc.html">DarkCrypt</a> -
Simple and powerful plugin for Total Commander used for file encryption
using 100 algorithms and 5 modes.</li>
<li><a
href="https://www.guardsquare.com/en/products/dexguard">DexGuard</a> -
Android app obfuscation &amp; security protocols for mobile app
protection.</li>
<li><a href="https://dexprotector.com/">DexProtector</a> - Multi-layered
RASP solution that secures your Android and iOS apps against static and
dynamic analysis, illegal use and tampering.</li>
<li><a
href="https://web.archive.org/web/20160508074421/http://www.dotbundle.com:80/download.html">DotBundle</a>
- GUI tool to compress, encrypt and password-protect a .NET application
or embed .NET libraries.</li>
<li><a
href="https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/NETZ.shtml">DotNetZ</a>
- Straightforward and lightweight, command-line piece of software
written in C that allows you to compress and pack Microsoft .NET
Framework executable files.</li>
<li><a href="https://www.sciensoft.com">ElecKey</a> - Suite of software
and tools that offer a complete solution for software protection, copy
protection, and license management.</li>
<li><a href="https://github.com/telepath9000/elf-packer">ELF Packer</a>
- Encrypts 64-bit elf files that decrypt at runtime.</li>
<li><a href="https://github.com/droberson/ELFcrypt">ELFCrypt</a> -
Simple ELF crypter using RC4 encryption.</li>
<li><a href="https://github.com/timhsutw/elfuck">ELFuck</a> - ELF packer
for i386, original version from sk2 by sd.</li>
<li><a href="https://www.enigmaprotector.com">Enigma Protector</a> -
Professional system for executable files licensing and protection.</li>
<li><a href="https://www.enigmaprotector.com/en/aboutvb.html">Enigma
Virtual Box</a> - Application virtualization system for Windows.</li>
<li><a href="https://github.com/Eronana/packer">Eronona-Packer</a> -
This is a packer for exe under win32.</li>
<li><a href="https://www.webtoolmaster.com/exebundle.htm">EXE Bundle</a>
- Bundles application files into a single PE32 file.</li>
<li><a href="http://www.webtoolmaster.com/packer.htm">EXE Stealth</a> -
Anti-cracking protection and licensing tool for PE files featuring
compression and encryption polymorphic technology.</li>
<li><a
href="https://github.com/guitmz/ezuri/blob/master/ezuri.go">Ezuri</a> -
A Simple Linux ELF Runtime Crypter.</li>
<li><a href="https://git.savannah.gnu.org/cgit/gzip.git">GzExe</a> -
Utility that allows compressing executables as a shell script.</li>
<li><a href="https://github.com/rurararura/hXOR-Packer">hXOR-Packer</a>
- PE packer with Huffman compression and XOR encryption.</li>
<li><a
href="https://github.com/nullsecuritynet/tools/tree/main/binary/hyperion">Hyperion</a></li>
<li><a href="https://liapp.lockincomp.com">LIAPP</a> - Easiest and most
powerful mobile app security solution.</li>
<li><a href="https://www.x-formation.com/lm-x-license-manager">LM-X
License Manager</a> - LM-X License Manager lets you protect your
products against piracy by enforcing various levels of security, save
time, and reduce business risks.</li>
<li><a href="https://github.com/n4sm/m0dern_p4cker">m0dern_p4cker</a> -
Just a modern packer for ELF binaries (works on Linux executables
only).</li>
<li><a href="https://github.com/arisada/midgetpack">MidgetPack</a> -
Midgetpack is a binary packer for ELF binaries, such as burneye, upx or
other tools.</li>
<li><a
href="https://www.autohotkey.com/mpress/mpress_web.htm">MPRESS</a> -
Compresses (using LZMA) and protects PE, .NET or Mach-O programs against
reverse engineering.</li>
<li><a href="https://github.com/friedkiwi/netcrypt">NetCrypt</a> - A
proof-of-concept packer for .NET executables, designed to provide a
starting point to explain the basic principles of runtime packing.</li>
<li><a href="https://www.pelock.com/products/netshrink">.netshrink</a> -
Executable compressor for your Windows or Linux .NET application
executable file using LZMA.</li>
<li>NPack - Can compress 32-bit and 64-bit exe, dll, ocx, scr Windows
program.</li>
<li><a href="https://www.obsidium.de/product/sps/download">Obsidium</a>
- Feature-rich professional software protection and licensing system
designed as a cost effective and easy to implement, yet reliable and
non-invasive way to protect your 32- and 64-bit Windows software
applications and games from reverse engineering.</li>
<li><a href="https://github.com/dr4k0nia/Origami">Origami</a> - Packer
compressing .NET assemblies, (ab)using the PE format for data
storage.</li>
<li><a
href="https://web.archive.org/web/20200929161737/https://github.com/AlysonBee/OSX_Packer">OS-X_Packer</a>
- Binary packer for the Mach-O file format.</li>
<li><a href="https://github.com/89luca89/pakkero">Pakkero</a> - Pakkero
is a binary packer written in Go made for fun and educational
purpose.</li>
<li><a href="https://github.com/iangcarroll/pakr">Pakr</a> - In-memory
packer for macOS Mach-O bundles.</li>
<li><a href="https://github.com/dimkr/papaw">Papaw</a> -
Permissively-licensed packer for ELF executables using LZMA, Zstandard or
Deflate compression.</li>
<li><a href="https://github.com/czs108/PE-Packer">PE-Packer</a> - Simple
packer for Windows 32-bit PE files.</li>
<li><a href="https://github.com/r0ngwe1/petoy">PE-Toy</a> - A PE file
packer.</li>
<li><a href="https://www.pelock.com">PELock</a> - Software protection
system for Windows executable files; protects your applications from
tampering and reverse engineering, and provides extensive support for
software license key management, including support for time trial
periods.</li>
<li><a href="https://github.com/SamLarenN/PePacker">PePacker</a> -
Simple PE file packer which encrypts the .text section and adds a
decryption stub to the end of the last section.</li>
<li><a href="https://webscene.ir/tools/show/PE-SHIELD-0.25">PEShield</a>
- PE-SHiELD is a program, which encrypts 32-bit Windows EXE files,
leaving them still executable.</li>
<li><a
href="http://downloads.fyxm.net/PESpin-95477.html">PESpin</a></li>
<li><a href="https://www.un4seen.com/petite/">PEtite</a> - Free Win32
(Windows 95/98/2000/NT/XP/Vista/7/etc) executable (EXE/DLL/etc)
compressor.</li>
<li><a href="https://www.youtube.com/watch?v=RZAWSCesiSs">PEzoNG</a> -
Framework for automatically creating stealth binaries that target a very
low detection rate in a Windows environment.</li>
<li><a href="https://github.com/phra/PEzor">PEzor</a> - Open-Source
Shellcode &amp; PE Packer.</li>
<li><a
href="https://github.com/mgeeky/ProtectMyTooling">ProtectMyTooling</a> -
Multi-Packer wrapper letting us daisy-chain various packers, obfuscators
and other Red Team oriented weaponry.</li>
<li><a href="https://sourceforge.net/projects/rapidexe">RapidEXE</a> -
Simple and efficient way to convert a PHP/Python script to a standalone
executable.</li>
<li><a
href="https://github.com/SilentVoid13/Silent_Packer">Silent-Packer</a> -
Silent Packer is an ELF / PE packer written in pure C.</li>
<li><a
href="https://github.com/z3r0d4y5/Simple-PE32-Packer">Simple-PE32-Packer</a>
- Simple PE32 Packer with aPLib compression library.</li>
<li><a href="https://github.com/YuriSizuku/SimpleDpack">SimpleDPack</a>
- A very simple windows EXE packing tool for learning or investigating
PE structure.</li>
<li><a href="https://www.smartpacker.nl">Smart Packer</a> - Packs 32
&amp; 64bit applications with DLLs, data files, 3rd party run-time into
one single executable that runs instantly, with no installs or
hassles.</li>
<li><a href="https://logicoma.io/squishy">Squishy</a> - Modern packer
developed for 64kb demoscene productions, targets 32bit and 64bit
executables.</li>
<li><a href="https://github.com/aaaddress1/theArk">theArk</a> - Windows
x86 PE Packer In C++.</li>
<li><a href="https://www.oreans.com/themida.php">Themida</a> - From
Renovo paper: Themida converts the original x86 instructions into
virtual instructions in its own randomized instruction set, and then
interprets these virtual instructions at run-time.</li>
<li><a href="https://upx.github.io/">UPX</a> - Ultimate Packer for
eXecutables.</li>
<li><a
href="https://web.archive.org/web/20231226141018/https://github.com/eaglx/VirtualMachineObfuscationPoC">VirtualMachineObfuscationPoC</a>
- Obfuscation method using virtual machine.</li>
<li><a href="https://vmpsoft.com/products/vmprotect">VMProtect</a> -
VMProtect protects code by executing it on a virtual machine with
non-standard architecture that makes it extremely difficult to analyze
and crack the software.</li>
<li><a href="https://github.com/ex0dus-0x/ward">Ward</a> - Simple
implementation of an ELF packer that creates stealthy droppers for
loading malicious ELFs in-memory.</li>
<li><a href="https://github.com/Jibus22/woody_woodpacker">Woody Wood
Packer</a> - ELF packer - encrypt and inject self-decryption code into
executable ELF binary target.</li>
<li><a href="https://github.com/nqntmqmqmb/xorPacker">xorPacker</a> -
Simple packer working with all PE files which ciphers your exe with an XOR
implementation.</li>
<li><a href="http://www.jiami.net">ZProtect</a> - Renames metadata
entities and supports advanced obfuscation methods that harden
protection scheme and foil reverse engineering altogether.</li>
</ul>
<h3 id="between-2000-and-2010">Between 2000 and 2010</h3>
<ul>
<li><a href="http://20to4.net">20to4</a> - Executable compressor that is
able to stuff about 20k of finest code and data into less than 4k.</li>
<li><a
href="https://www.yaldex.com/Bestsoft/Utilities/acprotect.htm">ACProtect</a>
- Application that allows protecting Windows executable files against
piracy, using RSA to create and verify the registration keys and unlock
code.</li>
<li><a
href="https://www.delphibasics.info/home/delphibasicscounterstrikewireleases/ahpacker01byfeuerraderahteam">AHPack</a>
- PE and PE+ file packer.</li>
<li><a href="https://sourceforge.net/projects/balaji/">Application
Protector</a> - Tool for protecting Windows applications.</li>
<li><a href="https://en.52yma.com/thread-5444-1-1.html">AT4RE
Protector</a> - Very simple PE files protector programmed in ASM.</li>
<li><a
href="https://web.archive.org/web/20071012084924/http://secnull.org">AverCryptor</a>
- Small and very handy utility designed to encrypt notes in which you
can store any private information - it helps to hide your infection from
antiviruses.</li>
<li><a
href="https://packetstormsecurity.com/files/29691/burneye-1.0-linux-static.tar.gz.html">BurnEye</a>
- Burneye ELF encryption program, x86-linux binary.</li>
<li><a href="https://csdb.dk/release/?id=33093">ByteBoozer</a> -
Commodore 64 executable packer.</li>
<li><a href="http://phrack.org/issues/63/13.html">CryptExec</a> -
Next-generation runtime binary encryption using on-demand function
extraction.</li>
<li><a href="http://www.exeicon.com/exeguarder">EXE Guarder</a> -
Licensing tool for PE files allowing to compress and specify a password
notice.</li>
<li><a
href="https://web.archive.org/web/20160331144211/http://533soft.com/exewrapper">EXE
Wrapper</a> - Protects any EXE file with a password from non-authorized
execution.</li>
<li><a href="https://exe32pack.apponic.com/">Exe32Pack</a> - Compresses
Win32 EXEs, DLLs, etc and dynamically expands them upon execution.</li>
<li><a
href="https://execryptor.freedownloadscenter.com/windows">EXECryptor</a>
- Protects EXE programs from reverse engineering, analysis,
modifications and cracking.</li>
<li><a
href="https://www.delphibasics.info/home/delphibasicscounterstrikewireleases/exefog11-executablepackerbybagie">ExeFog</a>
- Simple Win32 PE files packer.</li>
<li><a href="https://www.cgsoftlabs.ro/express.html">eXPressor</a> -
Used as a compressor this tool can compress EXE files to half their
normal size.</li>
<li><a
href="https://web.archive.org/web/20030324043555/https://www.exetools.com/files/compressors/win/fsg.zip">FSG</a>
- <em>Fast Small Good</em>, perfect compressor for small exes, eg.</li>
<li><a
href="https://www.delphibasics.info/home/delphibasicscounterstrikewireleases/ghfprotector10">GHF
Protector</a> - Executable packer / protector based on open source
engines Morphine and AHPack.</li>
<li><a href="https://defacto2.net/f/a520164?packer=hs">HackStop</a> -
EXE and COM programs encrypter and protector.</li>
<li><a href="http://www.farbrausch.de/~fg/kkrunchy">Kkrunchy</a> -
Kkrunchy is a small exe packer primarily meant for 64k intros.</li>
<li><a href="http://laturi.haxor.fi">Laturi</a> - Linker and compressor
intended to be used for macOS 1k, 4k and perhaps 64K intros.</li>
<li><a
href="https://blog.fearcat.in/a?ID=00050-86a031da-e36f-4409-9a08-d3d993dbf8f5">mPack</a>
- mPack - mario PACKer, simple Win32 PE executable compressor.</li>
<li><a href="https://nspack.apponic.com">NSPack</a> - 32/64-bit exe,
dll, ocx, scr Windows program compressor.</li>
<li><a
href="https://hacking-software-free-download.blogspot.com/2013/02/nt-packer-v21.html">NTPacker</a>
- PE file packer relying on aPlib for compression and/or XOR for
encryption.</li>
<li><a href="http://www.bitsum.com/pec2.asp">PECompact</a> - Windows
executable compressor featuring third-party plug-ins offering protection
against reverse engineering.</li>
<li><a href="https://www.sac.sk/download/pack/rdm006be.zip">RDMC</a> -
DMC algorithm based packer.</li>
<li><a
href="https://web.archive.org/web/20070527132336/http://rlpack.jezgra.net">RLPack</a>
- Compresses your executables and dynamic link libraries in a way that
keeps them small and has no effect on compressed file
functionality.</li>
<li><a href="https://defacto2.net/f/a520164?packer=rscc">RSCC</a> - ROSE
Super COM Crypt; polymorph cryptor for files greater than 300-400B and
smaller than 60kB.</li>
<li><a href="https://defacto2.net/f/a520164?packer=rucc">RUCC</a> - ROSE
Ultra COM Compressor; COM and EXE compression utility based on
624.</li>
<li><a
href="https://cpl.thalesgroup.com/en-gb/software-monetization/all-products/sentinel-hasp">Sentinel
HASP Envelope</a> - Wrapping application that protects the target
application with a secure shield, providing a means to counteract
reverse engineering and other anti-debugging measures.</li>
<li><a href="https://sourceforge.net/projects/sepacker/">sePACKER</a> -
Simple Executable Packer compresses an executable's code section
in order to decrease the size of binary files.</li>
<li><a
href="https://packetstormsecurity.com/files/31087/shiva-0.95.tar.gz.html">Shiva</a>
- Shiva is a tool to encrypt ELF executables under Linux.</li>
<li><a
href="https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Telock.shtml">tElock</a>
- Telock is a practical tool that intends to help developers who want to
protect their work and reduce the size of the executable files.</li>
<li><a
href="https://web.archive.org/web/20081218083606/http://www.ttprotect.com/en/index.htm">TTProtect</a>
- Professional protection tool designed for software developers to
protect their PE applications against illegal modification or
decompilation.</li>
<li><a href="https://www.sac.sk/download/pack/upack399.rar">UPack</a> -
Compresses Windows PE files.</li>
<li><a
href="https://defacto2.net/f/a520164?packer=upxs">UPX-Scrambler</a> -
Scrambler for files packed with UPX (up to 1.06) so that they cannot be
unpacked with the -d option.</li>
<li><a href="https://www.sac.sk/download/pack/wupck039.zip">WinUpack</a>
- Graphical interface for Upack, a command-line program used to create
self-extracting archives from Windows PE files.</li>
<li><a href="http://rewolf.pl">x86.Virtualizer</a> - x86
Virtualizer.</li>
<li><a href="http://www.soft-lab.de/JoKo/index_old.htm">XComp</a> - PE32
image file packer and rebuilder.</li>
<li><a
href="https://sourceforge.net/projects/yodap/files/Yoda%20Crypter/1.3/yC1.3.zip/download">Yoda
Crypter</a> - Supports polymorphic encryption, SoftICE detection,
anti-debug APIs, anti-dumping, etc., encrypts the Import Table and
erases PE Header.</li>
<li><a href="http://yodap.sourceforge.net">Yoda Protector</a> - Free,
open source, Windows 32-bit software protector.</li>
</ul>
<h3 id="before-2000">Before 2000</h3>
<ul>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/32lte02d.zip">32Lite</a>
- Compression tool for executable files created with Watcom C/C++
compiler.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/624-11.zip">624</a>
- COM packer that can compress COM programs shorter than 25000
bytes.</li>
<li><a href="https://defacto2.net/f/a520164?packer=abk-scrambler">ABK
Scrambler</a> - COM file scrambler and protector recoded from
ABKprot.</li>
<li><a href="https://defacto2.net/f/a520164?packer=aep">AEP</a> -
Addition Encode-Protective for COM and EXE file.</li>
<li><a href="https://defacto2.net/f/a520164?packer=ainexe">AINEXE</a> -
DOS executable packer (part of the AIN Archiver suite).</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/apack099.zip">aPack</a>
- 16-bit real-mode DOS executable (.EXE and .COM) compressor.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/avpck122.zip">AVPack</a>
- Encrypts EXE or COM files so that they'll be able to start on your PC
only.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/axe22.zip">AXE</a>
- Program compression utility.</li>
<li><a
href="https://defacto2.net/f/a520164?packer=bin-lock">BIN-Lock</a> - COM
file scrambler for preventing reverse engineering.</li>
<li><a href="https://defacto2.net/f/a520164?packer=bitlok">BitLok</a> -
COM and EXE file protector.</li>
<li><a
href="https://defacto2.net/f/a520164?packer=c0ntriver">C0NtRiVER</a> -
COM file encryptor.</li>
<li><a href="https://gitlab.com/tkchia/causeway">CauseWay Compressor</a>
- DOS EXE compressor.</li>
<li><a href="https://defacto2.net/f/a520164?packer=ccpro">CC Pro</a> -
COM and EXE executable file compression utility.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/cexe10a.zip">CEXE</a>
- Compresses an input EXE into a smaller executable (only runs on WinNT,
Win2000 and above - won't run on Win95 or Win98).</li>
<li><a
href="https://defacto2.net/f/a520164?packer=comprotector">COMProtector</a>
- Adds a security envelope around DOS .COM files by randomly encrypting
it and adding several anti-debugging tricks.</li>
<li><a
href="https://defacto2.net/f/a520164?packer=crackstop">CrackStop</a> -
Tool that creates a security envelope around a DOS EXE file to protect
it against crackers.</li>
<li><a href="https://defacto2.net/f/a520164?packer=crunch">Crunch</a> -
File encryptor for COM and EXE files.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/epack16.zip">EPack</a>
- EXE and COM file compressor ; works with DOS/Windows95 files.</li>
<li><a
href="https://defacto2.net/f/a520164?packer=exeguard">ExeGuard</a> - DOS
EXE files free protector using anti-debugging tricks to prevent hacking,
analysis and unpacking.</li>
<li><a href="https://defacto2.net/f/a520164?packer=exelock666">EXELOCK
666</a> - Utility for protecting .EXE files so no lamers can hack out
the copyright.</li>
<li><a
href="http://files.dhs.nu/files_source/axe.zip?fire-pack">Fire-Pack</a></li>
<li><a href="https://defacto2.net/f/a520164?packer=fse">FSE</a> - Final
Fantasy Security Envelope freeware for protecting COM and EXE
programs.</li>
<li><a
href="https://defacto2.net/f/a520164?packer=gardian-angel">Gardian
Angel</a> - COM and EXE encrypter and protector using a variety of
anti-debugging tricks.</li>
<li><a href="https://defacto2.net/f/a520164?packer=jmce">JMCryptExe</a>
- DOS EXE encrypter.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/lglz104b.zip">LGLZ</a>
- DOS EXE and COM file compressor using modified LZ77.</li>
<li><a href="https://defacto2.net/f/a520164?packer=lzexe">LzExe</a> -
MS-DOS executable file compressor.</li>
<li><a href="https://defacto2.net/f/a520164?packer=mask">Mask</a> - Tool
that prevents COM program from being cracked by using encryption and
anti-debugging tricks.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/megal120.zip">Megalite</a>
- MS-DOS executable file compressor.</li>
<li><a href="https://defacto2.net/f/a520164?packer=mess">Mess</a> - This
tool does the same as HackStop, with the exception that it is freeware
for non-commercial use.</li>
<li><a
href="https://github.com/bowlofstew/rootkit.com/blob/master/hf/Morphine27">Morphine</a>
- Application for PE files encryption.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/neolte20.zip">Neolite</a>
- Compresses Windows 32-bit EXE files and DLLs.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/pack201.zip">PACK</a>
- Executable files compressor.</li>
<li><a
href="http://files.dhs.nu/files_source/axe.zip?pack-ice">Pack-Ice</a></li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/pcsnk071.zip">PCShrink</a>
- Windows 9x/NT executable file compressor relying on the aPLib
compression library.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/ped.zip">PE
Diminisher</a> - Simple PE packer relying on the aPLib compression
library.</li>
<li><a
href="https://web.archive.org/web/20030324043555/https://www.exetools.com/files/protectors/win/pe-protector10.zip">PE-Protector</a>
- Encrypter/protector for Windows 9x/ME to protect PE executable files
against reverse engineering or cracking with a very strong
protection.</li>
<li><a href="https://bitsum.com/pebundle.htm">PEBundle</a> - Physically
attaches DLL(s) to an executable, resolving dependencies in memory.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/pepack10.zip">PEPack</a>
- PE compression tool based on the code of a newer version of
PE-SHiELD.</li>
<li><a href="https://defacto2.net/f/a520164?packer=pklite">PKlite</a> -
Easy-to-use file compression program for compressing DOS and Windows
executable files.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/pp219.zip">Pro-Pack</a>
- DOS executable file compressor.</li>
<li><a href="https://www.sac.sk/download/pack/rerp.rar">RERP</a> -
ROSE's EXE Relocation Packer.</li>
<li><a href="https://www.sac.sk/download/pack/rjc-beta.zip">RJCrush</a>
- EXE and COM files compressor with the ability to compress
overlays.</li>
<li><a
href="https://defacto2.net/f/a520164?packer=scorpion">Scorpion</a> - EXE
and COM file encrypter and protector.</li>
<li><a
href="https://web.archive.org/web/20210119235522/https://www.exetools.com/files/compressors/win/secupack15.zip">SecuPack</a>
- Win32 executable compressor.</li>
<li><a href="https://www.sac.sk/download/pack/shrinker.exe">Shrinker</a>
- Compresses (up to 70%) 16 and 32 bit Windows and real mode DOS
programs.</li>
<li><a
href="https://www.sac.sk/download/pack/spack20.zip">SPack</a></li>
<li><a href="https://defacto2.net/f/a520164?packer=%24pirit">$PIRIT</a>
- COM/EXE executable files polymorphic encryptor.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/syspack.zip">SysPack</a>
- Device drivers compressor.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/tpack05.zip">T-Pack</a>
- Executable COM-FILE compressor (LZ77) optimized for small files like
BBS-Addys or similar files.</li>
<li><a href="https://www.sac.sk/download/pack/tinyp39.zip">TinyProg</a>
- EXE and COM programs compressor.</li>
<li><a href="https://defacto2.net/f/a520164?packer=trap">TRAP</a> - EXE
and COM files encrypter and protector.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/vacuum.zip">Vacuum</a>
- Runtime Compressor for DOS32 executables.</li>
<li>VGCrypt - PE crypter for Win95/98/NT.</li>
<li><a href="https://www.sac.sk/download/pack/winlite1.zip">WinLite</a>
- Compresses Windows executables (like Pklite, Diet or Wwpack do for
executable programs under DOS).</li>
<li><a href="https://defacto2.net/f/a520164?packer=wwpack">WWPack</a> -
Squeezes EXE files, compresses relocation tables, optimizes headers,
protects EXE files from hacking.</li>
<li><a href="https://defacto2.net/f/a520164?packer=xe">XE</a> - PE32
image file packer and rebuilder.</li>
<li><a href="https://defacto2.net/f/a520164?packer=xorcopy">XorCopy</a>
- COM file XOR-based encrypter.</li>
<li><a href="https://defacto2.net/f/a520164?packer=xorer">XORER</a> -
COM file XOR-based encrypter.</li>
<li><a
href="https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/dos/xpa.zip">XPA</a>
- DOS executable packer.</li>
<li><a href="https://defacto2.net/f/a520164?packer=xpack">XPack</a> -
EXE/COM/SYS executable file compressor.</li>
</ul>
<h2 id="wrench-tools">:wrench: Tools</h2>
<ul>
<li><a href="https://github.com/strazzere/android-unpacker">Android
Unpacker</a> - Android Unpacker presented at Defcon 22: Android Hacker
Protection Level 0.</li>
<li><a href="https://github.com/angr/angr">Angr</a> - Platform-agnostic
binary analysis framework.</li>
<li><a href="https://github.com/rednaga/APKiD">APKiD</a> - Android
application Identifier for packers, protectors, obfuscators and oddities
- PEiD for Android.</li>
<li><a href="https://ibsensoftware.com/products_aPLib.html">aPLib</a> -
Compression library based on the algorithm used in aPACK.</li>
<li><a href="https://github.com/UchihaL/AppSpear">AppSpear</a> -
Universal and automated unpacking system suitable for both Dalvik and
ART.</li>
<li><a
href="https://web.archive.org/web/20211017145403/https://assiste.com/Packer.html">Assiste
(Packer)</a> - Assiste.com's example list of packers.</li>
<li><a href="https://github.com/malicialab/avclass">AVClass</a> - Python
tools to tag / label malware samples.</li>
<li><a href="https://github.com/dhondta/bintropy">Bintropy</a> -
Prototype analysis tool that estimates the likelihood that a binary file
contains compressed or encrypted bytes.</li>
<li><a
href="https://dl.acm.org/doi/10.1145/3243734.3243771?-">BinUnpack</a> -
Unpacking approach free from tedious memory access monitoring, therefore
introducing very small runtime overhead.</li>
<li><a href="https://www.gnu.org/software/binutils">Binutils</a> - The
GNU Binutils are a collection of binary tools for Linux (it notably
includes Readelf).</li>
<li><a
href="http://bitblaze.cs.berkeley.edu/release/index.html">BitBlaze</a> -
Analysis platform that features a novel fusion of static and dynamic
analysis techniques, mixed concrete and symbolic execution, and
whole-system emulation and binary instrumentation, all to facilitate
state-of-the-art research on real security problems.</li>
<li><a href="https://github.com/mandiant/capa">Capa</a> - Open-source
tool to identify capabilities in PE, ELF or .NET executable files.</li>
<li><a href="https://www.capstone-engine.org">Capstone</a> - Lightweight
multi-platform, multi-architecture disassembly framework.</li>
<li><a href="https://github.com/adamhlt/Cave-Finder">Cave-Finder</a> -
Tool to find code caves in PE images (x86 / x64) - Find empty space to
place code in PE files.</li>
<li><a href="https://ntcore.com/?page_id=388">CFF Explorer</a> - PE32/64
and .NET editor, part of the Explorer Suite.</li>
<li><a
href="https://defacto2.net/f/a91dea6?dosmachine=svga&amp;dosspeed=max">ChkEXE</a>
- Identifies almost any EXE/COM packer, crypter or protector.</li>
<li><a href="https://clamunpacker.sourceforge.io/">Clamscan Unpacker</a>
- Unpacker derived from ClamAV.</li>
<li><a href="https://defacto2.net/f/a520164?tool=com2exe">COM2EXE</a> -
Free tool for converting COM files to EXE format.</li>
<li><a href="https://github.com/0xd4d/de4dot">de4dot</a> - .NET
deobfuscator and unpacker.</li>
<li><a href="https://github.com/lelinhtinh/de4js">de4js</a> - JavaScript
Deobfuscator and Unpacker.</li>
<li><a href="https://defacto2.net/f/aa2e6ec">Defacto2 Analyzers
Archive</a> - Collection of 60 binary files analysers for MS-DOS and
Windows32 from the 1990s and the 2000s.</li>
<li><a href="https://defacto2.net/f/a520164">Defacto2 Packers
Archive</a> - Collection of 460 binary and data file packers for MS-DOS
and Windows32 from the 1990s and 2000s.</li>
<li><a href="https://defacto2.net/f/a218ab4">Defacto2 Unpackers
Archive</a> - Collection of 152 binary files unpackers for MS-DOS and
Windows 32 from the 1990s and 2000s.</li>
<li><a href="https://github.com/horsicq/DIE-engine/releases">DIE</a> -
Detect It Easy ; Program for determining types of files.</li>
<li><a href="https://github.com/packing-box/python-dsff">DSFF</a> -
DataSet File Format for exchanging datasets and converting to ARFF (for
use with Weka), CSV or Packing-Box's dataset structure.</li>
<li><a href="https://dynamorio.org">DynamoRIO</a> - Runtime code
manipulation system that supports code transformations on any part of a
program, while it executes.</li>
<li><a
href="https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/preventing-and-handling-virus-and-spyware-attacks-v40739565-d49e172/how-does-the-emulator-in-symantec-endpoint-protect-v121004909-d47e230.html">Emulator</a>
- Symantec Endpoint Protector (from v14) capability to create a virtual
machine on the fly to identify, detonate, and eliminate malware hiding
inside custom malware packers.</li>
<li><a href="https://ether.gtisc.gatech.edu/web_unpack">EtherUnpack</a>
- Precision universal automated unpacker (successor of PolyUnpack).</li>
<li><a
href="https://web.archive.org/web/20150502154942/http://eureka.cyber-ta.org">Eureka</a>
- Binary static analysis preparation framework implementing a novel
binary unpacking strategy based on statistical bigram analysis and
coarse-grained execution tracing.</li>
<li><a href="https://github.com/ExeinfoASL/ASL">EXEInfo-PE</a> - Fast
detector for executable PE files.</li>
<li><a href="https://defacto2.net/f/ae2c42e">ExeScan</a> - Executable
file analyzer which detects the most famous EXE/COM Protectors, Packers,
Converters and compilers.</li>
<li><a href="https://forum.exetools.com">EXETools</a> - Forum for
reverse engineering and executable packing related topics.</li>
<li><a href="https://github.com/crackinglandia/fuu">FUU</a> - Fast
Universal Unpacker.</li>
<li><a href="https://www.helger.com/gt/gt.htm">GetTyp</a> - File format
detection program for DOS based on special strings and byte code.</li>
<li><a
href="https://web.archive.org/web/20220121084407/http://qunpack.ahteam.org/?p=327">GUnpacker</a>
- Shell tool that performs OEP positioning and dumps decrypted
code.</li>
<li><a href="https://github.com/endgameinc/gym-malware">Gym-Malware</a>
- This is a malware manipulation environment for OpenAI's gym.</li>
<li><a href="https://github.com/crypto2011/IDR">IDR</a> - Interactive
Delphi Reconstructor.</li>
<li><a href="https://www.aldeid.com/wiki/ImpREC">ImpREC</a> - This can
be used to repair the import table for packed programs.</li>
<li><a href="https://doi.org/10.1007/978-3-540-87403-4_6">Justin</a> -
Just-In-Time AV scanning ; generic unpacking solution.</li>
<li><a href="https://farrokhi.net/language">Language 2000</a> - Ultimate
compiler detection utility.</li>
<li><a href="https://github.com/lief-project/LIEF">LIEF</a> - Library to
Instrument Executable Formats ; Python package for parsing PE, ELF,
Mach-O and DEX formats, modifying and rebuilding executables.</li>
<li>Lissom - Retargetable decompiler consisting of a preprocessing part
and a decompilation core.</li>
<li><a href="https://www.aldeid.com/wiki/LordPE">LordPE</a> - PE header
viewer, editor and rebuilder.</li>
<li><a href="https://github.com/rieck/malheur">Malheur</a> - Tool for
the automatic analysis of malware behavior (recorded from malicious
software in a sandbox environment).</li>
<li><a href="https://github.com/hasherezade/mal_unpack">MalUnpack</a> -
Dynamic unpacker based on PE-sieve.</li>
<li><a href="https://github.com/JusticeRage/Manalyze">Manalyze</a> -
Robust parser for PE files with a flexible plugin architecture which
allows users to statically analyze files in-depth.</li>
<li><a href="https://mandiant-red-curtain.apponic.com">MRC</a> -
(Mandiant Red Curtain) Free software for Incident Responders that
assists with the analysis of malware ; it examines executable files
(e.g., .exe, .dll, and so on) to determine how suspicious they are based
on a set of criteria.</li>
<li><a href="https://github.com/NotPrab/.NET-Deobfuscator">.NET
Deobfuscator</a> - List of .NET Deobfuscators and Unpackers.</li>
<li><a
href="https://github.com/packing-box/packer-masking-tool">NotPacked++</a>
- Attack tool for altering packed samples so that they evade static
packing detection.</li>
<li><a href="https://github.com/tum-i4/Oedipus">Oedipus</a> - A Python
framework that uses machine learning algorithms to implement the
metadata recovery attack against obfuscated programs.</li>
<li><a
href="https://ieeexplore.ieee.org/abstract/document/7782073">OEPdet</a>
- Automated original-entry-point detector.</li>
<li><a href="https://github.com/xshows/ollydbg-script">OllyDbg
Scripts</a> - Collection of OllyDbg scripts for unpacking many different
packers.</li>
<li><a href="https://doi.org/10.1109/ACSAC.2007.15">OmniUnpack</a> - New
technique for fast, generic, and safe unpacking of malware by monitoring
the execution in real-time and detecting the removed layers of
packing.</li>
<li><a
href="https://github.com/BromiumLabs/PackerAttacker">PackerAttacker</a>
- Tool that uses memory and code hooks to detect packers.</li>
<li><a
href="https://web.archive.org/web/20150504162711/https://www.sysreveal.com/packerbreaker-intro">PackerBreaker</a>
- Tool for helping unpack, decompress and decrypt most of the programs
packed, compressed or encrypted using advanced emulation
technology.</li>
<li><a href="https://github.com/rewhy/adaptiveunpacker">PackerGrind</a>
- Adaptive unpacking tool for tracking packing behaviors and unpacking
Android packed apps.</li>
<li><a href="https://github.com/sooshie/packerid">PackerID</a> - Fork of
packerid.py using PEid signatures and featuring additional output types,
formats, digital signature extraction, and disassembly support.</li>
<li><a href="https://github.com/mesaleh/PackiD">PackID</a> - Packer
identification multiplatform tool/library using the same database syntax
as PEiD.</li>
<li><a
href="https://github.com/dhondta/docker-packing-box">Packing-Box</a> -
Docker image gathering many packing-related tools and for making
datasets of packed executables for use with machine learning.</li>
<li><a href="https://github.com/panda-re/panda">PANDA</a> - Platform for
Architecture-Neutral Dynamic Analysis.</li>
<li><a href="https://0x0badc0.de/gitweb?p=bochs/.git">Pandora's
Bochs</a> - Extension to the Bochs PC emulator to enable it to monitor
execution of the unpacking stubs for extracting the original code.</li>
<li><a href="https://www.pcjs.org">PCjs</a> - PCjs uses JavaScript to
recreate the IBM PC experience, using original ROMs, CPUs running at
their original speeds, and early IBM video cards and monitors.</li>
<li><a
href="https://web.archive.org/web/20250427032942/http://pect.atspace.com">PE
Compression Test</a> - List of packers tested on a few sample
executables for comparing compressed sizes.</li>
<li><a href="https://ntcore.com/?page_id=367">PE Detective</a> - This
GUI tool can scan single PE files or entire directories (also
recursively) and generate complete reports.</li>
<li><a
href="https://github.com/hasherezade/pe-bear-releases">PE-bear</a> -
Freeware reversing tool for PE files aimed to deliver fast and flexible
“first view” for malware analysts, stable and capable of handling
malformed PE files.</li>
<li><a href="https://pedump.me/">PEdump</a> - Dump windows PE files
using Ruby.</li>
<li><a
href="https://github.com/roussieau/masterthesis/tree/master/src/detector/tools/pefeats">Pefeats</a>
- Utility for extracting 119 features from a PE file for use with
machine learning algorithms.</li>
<li><a href="https://github.com/erocarrera/pefile">Pefile</a> -
Multi-platform Python module to parse and work with Portable Executable
files.</li>
<li><a href="https://github.com/guelfoweb/peframe">PEFrame</a> - Tool
for performing static analysis on PE malware and generic suspicious
files.</li>
<li><a
href="https://web.archive.org/web/20070529035022/https://www.secretashell.com/codomain/peid/">PEiD</a>
- Packed Executable iDentifier.</li>
<li><a href="https://github.com/dhondta/peid">PEiD (CLI)</a> - Python
implementation of PEiD featuring an additional tool for making new
signatures.</li>
<li><a href="https://github.com/K-atc/PEiD">PEiD (yara)</a> - Yet
another implementation of PEiD with yara.</li>
<li><a href="https://github.com/avast/pelib">PeLib</a> - PE file
manipulation library.</li>
<li><a href="https://github.com/mentebinaria/readpe">PEPack</a> - PE
file packer detection tool, part of the Unix package “pev”.</li>
<li><a
href="https://tzworks.com/prototype_page.php?proto_id=15">PEscan</a> -
CLI tool to scan PE files to identify how they were constructed.</li>
<li><a href="https://github.com/petoolse/petools">PETools</a> -
Old-school reverse engineering tool (with a long history since 2002) for
manipulating PE files.</li>
<li><a href="http://wjradburn.com/software">PEview</a> - Provides a
quick and easy way to view the structure and content of 32-bit Portable
Executable (PE) and Component Object File Format (COFF) files.</li>
<li><a href="http://www.heaventools.com/overview.htm">PExplorer</a> -
Most feature-packed program for inspecting the inner workings of your
own software, and more importantly, third party Windows applications and
libraries for which you do not have source code.</li>
<li><a
href="https://www.intel.com/content/www/us/en/developer/articles/tool/pin-a-dynamic-binary-instrumentation-tool.html">Pin</a>
- Dynamic binary instrumentation framework for the IA-32, x86-64 and MIC
instruction-set architectures that enables the creation of dynamic
program analysis tools.</li>
<li><a href="https://github.com/Phat3/PINdemonium">PINdemonium</a> -
Unpacker for PE files exploiting the capabilities of PIN.</li>
<li><a href="https://github.com/PlatonovIvan/PolyUnpack">PolyUnpack</a>
- Implementation attempt of the general approach for extracting the
original hidden code of PE files without any heuristic assumptions.</li>
<li><a href="https://github.com/katjahahn/PortEx">PortEx</a> - Java
library for static malware analysis of PE files with a focus on PE
malformation robustness and anomaly detection.</li>
<li><a
href="https://web.archive.org/web/20210331144912/https://protectionid.net">PROTECTiON
iD</a> - PE file signature-based scanner.</li>
<li><a href="http://protools.narod.ru">ProTools</a> - Programmer's
Tools, a web site dedicated to all kinds of tools and utilities for the
true WinBloze programmer, including packers, crypters, etc.</li>
<li><a
href="https://github.com/cylance/PyPackerDetect">PyPackerDetect</a> -
Small python script/library to detect whether an executable is
packed.</li>
<li><a href="https://github.com/dhondta/PyPackerDetect">PyPackerDetect
(refactored)</a> - A complete refactoring of the original project to a
Python package with a console script to detect whether an executable is
packed.</li>
<li><a href="https://github.com/FFRI/pypeid">PyPeid</a> - Yet another
implementation of PEiD with yara-python.</li>
<li><a
href="https://web.archive.org/web/20220119142245/http://qunpack.ahteam.org/?p=458">Quick
Unpack</a> - Generic unpacker that facilitates the unpacking
process.</li>
<li><a
href="https://web.archive.org/web/20220904151105/http://rdgsoft.net/">RDG
Packer Detector</a> - Packer detection tool.</li>
<li><a href="https://github.com/uxmal/reko">Reko</a> - Free decompiler
for machine code binaries.</li>
<li><a href="https://github.com/packing-box/reminder">REMINDer</a> -
Packing detection tool based on the entropy value of the entry point
section and the WRITE attribute.</li>
<li><a href="https://remnux.org">REMnux</a> - Linux toolkit for
reverse-engineering and analyzing malicious software.</li>
<li><a
href="https://dl.acm.org/doi/10.1145/1314389.1314399?tool">Renovo</a> -
Detection tool built on top of TEMU (dynamic analysis component of
BitBlaze) based on the execution of newly-generated code and monitoring
memory writes after the program starts.</li>
<li><a href="http://angusj.com/resourcehacker">ResourceHacker</a> -
Resource editor for 32bit and 64bit Windows applications.</li>
<li><a href="https://github.com/avast/retdec">RetDec</a> - Retargetable
machine-code decompiler based on LLVM.</li>
<li><a href="https://www.sac.sk/download/pack/rtd_rp24.zip">RTD</a> -
Rose Patch - TinyProt/Rosetiny Unpacker.</li>
<li><a href="https://www.sac.sk/download/pack/rupp037.rar">RUPP</a> -
ROSE SWE UnPaCKER PaCKaGE (for DOS executables only).</li>
<li><a href="mailto:mihai@cs.wisc.edu">SAFE</a> - Static Analyzer For
Executables (available on demand).</li>
<li><a href="https://github.com/pralab/secml_malware">SecML Malware</a>
- Create adversarial attacks against machine learning Windows malware
detectors.</li>
<li><a
href="https://github.com/CheckPointSW/showstopper">ShowStopper</a> -
Tool to help malware researchers explore and test anti-debug techniques
or verify debugger plugins or other solutions that clash with standard
anti-debug methods.</li>
<li><a href="http://www.cgsoftlabs.ro/studpe.html">StudPE</a> - PE
viewer and editor (32/64 bit).</li>
<li><a
href="https://www.amazon.com/Norton-AntiVirus-2007-Old-Version/dp/B000IAOIXW">SymPack</a>
- Safe, portable, largely effective but not generic library for packing
detection and unpacking ; part of the Norton Antivirus solution.</li>
<li><a
href="https://www.reversinglabs.com/products/malware-analysis-platform">Titanium
Platform</a> - Machine learning hybrid cloud platform that harvests
thousands of file types at scale, speeds threat detection through
machine learning binary analysis, and continuously monitors an index of
over 10B files for future threats.</li>
<li><a href="https://mark0.net/soft-trid-e.html">TrID</a> - Utility for
identifying file types from their binary signatures.</li>
<li><a href="https://github.com/jonathansalwan/Triton">Triton</a> -
Dynamic binary analysis library.</li>
<li><a href="https://tuts4you.com">Tuts 4 You</a> - Non-commercial,
independent community dedicated to the sharing of knowledge and
information on reverse code engineering.</li>
<li><a href="https://github.com/unipacker/unipacker">Unipacker</a> -
Automatic and platform-independent unpacker for Windows binaries based
on emulation.</li>
<li><a href="https://www.unpac.me">UnpacMe</a> - Automated malware
unpacking service.</li>
<li><a
href="https://web.archive.org/web/20191218043307/http://www.woodmann.com/crackz/Tools/">Unpckarc</a>
- Packed executables detection tool relying on several heuristics.</li>
<li><a href="https://www.sac.sk/download/pack/uu215e.exe">UU</a> -
Universal Unpacker.</li>
<li><a href="https://www.sac.sk/download/pack/uundo.zip">Uundo</a> -
Universal Undo - Universal Unpacker.</li>
<li><a
href="https://www.hex-rays.com/blog/unpacking-mpressed-pe-dlls-with-the-bochs-plugin/">Uunp
(IDA Pro plugin)</a> - IDA Pro debugger plug-in module automating the
analysis and unpacking of packed binaries.</li>
<li><a href="https://www.sac.sk/download/pack/uup14.zip">UUP</a> -
Universal exe-file UnPacker.</li>
<li><a href="https://github.com/s3team/VMHunt">VMHunt</a> - Set of tools
for analyzing virtualized binary code ; now only supports 32 bit
traces.</li>
<li><a
href="https://web.archive.org/web/20241106123938/https://www.leechermods.com/2010/01/vmunpacker-16-latest-version.html">VMUnpacker</a>
- Unpacker based on the technology of virtual machine.</li>
<li><a href="https://github.com/m417z/winbindex">Winbindex</a> - An
index of Windows binaries, including download links for executables such
as EXE, DLL and SYS files.</li>
<li><a href="https://github.com/Neo23x0/yarGen">yarGen</a> - Generator
for YARA rules - The main principle is the creation of yara rules from
strings found in malware files while removing all strings that also
appear in goodware files.</li>
</ul>
<h2 id="contributing">Contributing</h2>
<p>Contributions are welcome! Please read the <a
href="CONTRIBUTING.md">contribution guidelines</a> first.</p>
<p><a
href="https://github.com/dhondta/awesome-executable-packing">executablepacking.md
Github</a></p>