This tool is a Python implementation of the Packed Executable iDentifier (PEiD) for signature-based packing detection of Windows PE files. It uses a combination of more than 5,500 signatures merged from the following sources:
It relies on pefile for abstracting PE files and reading signature databases.
$ pip install peid
The main tool checks the input executable against the embedded or a user-defined signature database.
$ peid --help
[...]
$ peid program.exe
[...]
$ peid program.exe --db custom_sigs_db.txt
The second tool allows creating and integrating new signatures.
$ peidsig *.exe --db path/to/userdb.txt --packer UPX --version v3.97 --author jsmith
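How an entry of the signature database that the first tool checks and the second tool extends is matched against a file, as an added example (not the tool's own code). It assumes the PEiD `userdb.txt` text format (`[name]`, `signature = ...`, `ep_only = ...`) with `??` as a one-byte wildcard, which this page does not show; the database entries and the byte buffer are constructed, and `parse_db`, `matches_at` and `identify` are hypothetical names.

```python
import re

# Constructed database in the PEiD userdb.txt text format; names and byte
# patterns are made up for illustration and are not from the tool's database.
SAMPLE_DB = """\
[ExamplePacker v1.0 -> jsmith]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57
ep_only = true

[ExampleCrypter v2.x]
signature = EB 02 90 E8 ?? ?? ?? ?? 5D
ep_only = false
"""

def parse_db(text):
    """Return [(name, pattern, ep_only)]; pattern holds ints, None = wildcard byte."""
    sigs, name, fields = [], None, {}
    def flush():
        # Store the section collected so far, if it carried a signature line.
        if name and "signature" in fields:
            pattern = [None if t == "??" else int(t, 16)
                       for t in fields["signature"].split()]
            sigs.append((name, pattern, fields.get("ep_only", "").lower() == "true"))
    for line in (l.strip() for l in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            flush()
            name, fields = header.group(1), {}
        elif "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    flush()
    return sigs

def matches_at(data, offset, pattern):
    """True if every non-wildcard byte of pattern equals data at offset."""
    window = data[offset:offset + len(pattern)]
    return len(window) == len(pattern) and all(
        p is None or p == b for p, b in zip(pattern, window))

def identify(data, ep_offset, sigs):
    """Names of signatures matching at the entry point (ep_only) or anywhere."""
    hits = []
    for name, pattern, ep_only in sigs:
        offsets = [ep_offset] if ep_only else range(len(data) - len(pattern) + 1)
        if any(matches_at(data, o, pattern) for o in offsets):
            hits.append(name)
    return hits

# Constructed buffer standing in for a file's raw bytes, entry point at offset 4.
SAMPLE = bytes.fromhex("00000000" "60BE00104000" "8DBE00F0FFFF" "57" "90")
print(identify(SAMPLE, 4, parse_db(SAMPLE_DB)))
```

On a real PE file the entry-point file offset would come from the parsed headers (for example with pefile) instead of being hard-coded.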
You may also like these:
- Awesome Executable Packing: A curated list of awesome resources related to executable packing.
- Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes.
- Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
- Dataset of packed PE files: Dataset of PE samples packed with many different packers.
- Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
- PyPackerDetect: Packing detection tool for PE files.