Python implementation of the Packed Executable iDentifier (PEiD)
Project description
Packed Executable iDentifier 
Detect packers on PE files using signatures.
This tool is an implementation in Python of the Packed Executable iDentifier (PEiD) in the scope of packing detection for Windows PE files based on signatures. It uses a combination of more than 5.500 signatures merged from the following sources:
$ pip install peid
The main tool checks the input executable against the embedded or user-defined signatures database.
$ peid --help
[...]
$ peid program.exe
[...]
$ peid program.exe --db custom_sigs_db.txt
The second tool allows to inspect signatures.
$ peid-db --db path/to/userdb.txt --filter UPX
The third tool allows to create and integrate new signatures.
$ peid-sig *.exe --db path/to/userdb.txt --packer UPX --version v3.97 --author jsmith
Related Projects
You may also like these:
- Awesome Executable Packing: A curated list of awesome resources related to executable packing.
- Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes (inspired from this paper).
- Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
- Dataset of packed PE files: Dataset of PE samples packed with many different packers (fork of this repository).
- Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
- DSFF: Library implementing the DataSet File Format (DSFF).
- PyPackerDetect: Packing detection tool for PE files (fork of this repository).
- REMINDer: Packing detector using a simple heuristic (inspired from this paper).
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
peid-2.1.1.tar.gz
(626.0 kB
view hashes)
Built Distribution
peid-2.1.1-py3-none-any.whl
(553.5 kB
view hashes)
