Skip navigation.

packer request

| |

Does anyone out there have a userdb of packer signatures? (think peid) We have a working packer detector now that runs on anything thanks to the pelp project guys but its a little sparce on signatures. Ill be adding my own sigs but I thought i'd ask and see if anyone out there has any they are willing to donate. Sigs look like :

[Name of the Packer v1.0]
signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
ep_only = true



see Peid forum for new

see Peid forum for new external database signatures:


I know this is old and don't know if you've received any help with it. I believe you might want to contact Patrick M. Kolla (Spybot creator), I think he also created FileAlyzer which has a feature that reads the different packers on an executable. He may be willing to point you in the right direction.

my favorite packer/protector

my favorite packer/protector detection tool is: protection-id

another nice one is the rdg packer detector


thanks for all the responses. I figured out how to extract some of the stuff from various packer detectors and also made a few signatures of my own. There are also some forums out there for packer signatures. We integrated a bunch of this stuff in the analysis engine for offensive computing and it got built into Metasploits msfpescan as well.

Great suggestions.