packer request

Does anyone out there have a userdb of packer signatures? (think PEiD) We have a working packer detector now that runs on anything thanks to the pelp project guys, but it's a little sparse on signatures. I'll be adding my own sigs but I thought I'd ask and see if anyone out there has any they are willing to donate. Sigs look like:

[Name of the Packer v1.0]
signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
ep_only = true

Thanks!

V.
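How an entry in the format quoted above can be parsed and matched, as an added example that is not part of the original post or of any tool named in this thread. The function names are hypothetical, the sample bytes are constructed, and the entry point is assumed to be supplied as a file offset (resolving it from the PE headers is left out).

```python
import re

# Entry copied from the post above; the packer name is the post's own placeholder.
USERDB = """\
[Name of the Packer v1.0]
signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
ep_only = true
"""
TOKEN = re.compile(r"[0-9A-Fa-f]{2}|\?\?")

def parse_userdb(text):
    """Parse [name] / signature / ep_only entries; ?? becomes None (wildcard byte)."""
    sigs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            sigs.append({"name": line[1:-1], "pattern": [], "ep_only": False})
        elif "=" in line and sigs:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "signature":
                tokens = value.split()
                bad = [t for t in tokens if not TOKEN.fullmatch(t)]
                if bad:
                    raise ValueError(f"{sigs[-1]['name']}: bad token(s) {bad}")
                sigs[-1]["pattern"] = [None if t == "??" else int(t, 16) for t in tokens]
            elif key.lower() == "ep_only":
                sigs[-1]["ep_only"] = value.lower() == "true"
    return [s for s in sigs if s["pattern"]]  # drop entries with no signature line

def matches_at(data, offset, pattern):
    """True if pattern matches data at offset; None entries match any byte."""
    window = data[offset:offset + len(pattern)]
    return offset >= 0 and len(window) == len(pattern) and all(
        p is None or p == b for p, b in zip(pattern, window))

def detect(data, ep_offset, sigs):
    """ep_only entries are tested only at ep_offset; others anywhere in data."""
    hits = []
    for s in sigs:
        last = len(data) - len(s["pattern"])
        offsets = [ep_offset] if s["ep_only"] else range(last + 1)
        if any(matches_at(data, o, s["pattern"]) for o in offsets):
            hits.append(s["name"])
    return hits

SIGS = parse_userdb(USERDB)
# Constructed sample: 16 bytes of padding, then the signature with wildcards set to 0.
SAMPLE = b"\x90" * 16 + bytes(p or 0 for p in SIGS[0]["pattern"]) + b"\x00" * 8
print(detect(SAMPLE, 16, SIGS), detect(SAMPLE, 0, SIGS))
```

With ep_only = true the same bytes are reported only when they sit at the entry point, which is why the second call finds nothing.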

See PEiD forum for new

See PEiD forum for new external database signatures:

http://www.secretashell.com/PEiD/viewforum.php?f=7&sid=26850d6d8c7fea338635285841725705

Val,

Val,
I know this is old and don't know if you've received any help with it. I believe you might want to contact Patrick M. Kolla (Spybot creator), I think he also created FileAlyzer which has a feature that reads the different packers on an executable. He may be willing to point you in the right direction.

my favorite packer/protector

My favorite packer/protector detection tool is: protection-id

protectionid.owns.it

Another nice one is the RDG Packer Detector

http://www.egrupos.net/grupo/rdgsoft/ficheros/3/verFichero/11/RDG%20Packer%20Detector%20v0.6.4%20Beta.rar

thanks

Thanks for all the responses. I figured out how to extract some of the stuff from various packer detectors and also made a few signatures of my own. There are also some forums out there for packer signatures. We integrated a bunch of this stuff in the analysis engine for Offensive Computing and it got built into Metasploit's msfpescan as well.

Great suggestions.

V.