-
-
Save MilesQLi/13f5c0e8dbf5a47d129ee894fbf951cf to your computer and use it in GitHub Desktop.
peid rules for packers cryptors
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #first, let's define the list of packers/cryptors we want to detect | |
| packers = ['AHTeam', 'Armadillo', 'Stelth', 'yodas', 'ASProtect', 'ACProtect', 'PEnguinCrypt', | |
| 'UPX', 'Safeguard', 'VMProtect', 'Vprotect', 'WinLicense', 'Themida', 'WinZip', 'WWPACK', | |
| 'Y0da', 'Pepack', 'Upack', 'TSULoader' | |
| 'SVKP', 'Simple', 'StarForce', 'SeauSFX', 'RPCrypt', 'Ramnit', | |
| 'RLPack', 'ProCrypt', 'Petite', 'PEShield', 'Perplex', | |
| 'PELock', 'PECompact', 'PEBundle', 'RLPack', 'NsPack', 'Neolite', | |
| 'Mpress', 'MEW', 'MaskPE', 'ImpRec', 'kkrunchy', 'Gentee', 'FSG', 'Epack', | |
| 'DAStub', 'Crunch', 'CCG', 'Boomerang', 'ASPAck', 'Obsidium','Ciphator', | |
| 'Phoenix', 'Thoreador', 'QinYingShieldLicense', 'Stones', 'CrypKey', 'VPacker', | |
| 'Turbo', 'codeCrypter', 'Trap', 'beria', 'YZPack', 'crypt', 'crypt', 'pack', | |
| 'protect', 'tect' | |
| ] | |
| #next, we will try to match peid rules with an exe file | |
| try: | |
| matches = peid_rules.match(exe_file_path) | |
| if matches: | |
| for match in matches: | |
| for packer in packers: | |
| #this line is simply trying to see if one of the known packers has been detected | |
| if packer.lower() in match.lower(): | |
| print('packer detected') | |
| print(packer) | |
| except: | |
| print('error') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment