RDG PACKER DETECTOR
RDG Packer Detector is a detector packers, cryptors, Compilers, Packers Scrambler, Joiners, Installers.
-
New Symbols
-
Windows 7 Compatible
-
Windows 8 Compatible
-
Fewer False Positives
-
Increased Stability
-
32/64 bit PE Detection
-
Has Fast detection system.
-
Powerful -has detection system analyzing the entire file, enabling detection muli-packers in several cases.
-
Allows create your own signature detection signatures.
-
Has Crypto-Graphic Analyzer.
-
Allows calculate the checksum of a file.
-
Allows calculate Entropy, informing if the analyzed program is compressed, encrypted or not.
-
Detector OEP (Original Entry Point) of a program.
-
Check and download signatures.
-
Loader Plug-ins ..
-
Converter Of Signatures.
-
Detector Of distorters Entry Point.
-
Binder-of-puller attachments.
-
Enhanced Heuristic -System.
PEiD
-
PEiD detects most common packers, cryptors and compilers for PE files.
-
It can currently detect more than 470 different signatures in PE files.
PEiD is an intuitive application that relies on its user-friendly interface to detect packers, cryptors and compilers found in PE executable files – its detection rate is higher than that of other similar tools since the app packs more than 600 different signatures in PE files.
PEiD comes with three different scanning methods, each suitable for a distinct purpose. The Normal one scans the user-specified PE file at its Entry Point for all its included signatures. The so-called Deep Mode comes with increased detection ratio since it scans the file's Entry Point containing section, whereas the Hardcore mode scans the entire file for all the documented signatures.
PACKERID
This script, created by Jim Clausing, which uses a PEiD database to identify which packer (if any) is being used by a binary. Script was created by Jim Clausing for Linux OS
WINDOWS PACKER DETECTOR
Developed by James Habben, this tool is designed to analyze windows executable files for signs that it has been modified by a packer/cryptor. It supports many packers and documents this in a dialog triggered by the help button.
LANGUAGE 2000
The ultimate compiler detection utility, authored by Babak Farrokhi. Using this program you can determine which compiler used to make your binary file or with which compressor the file is compressed.
-
Detects Compiler/Encryptor/Packer of EXE, DLL and OCX files
-
Database updates support. No need to download complete program for updates
-
Very fast
-
Detects almost all of known Compiler/Encryptor/Packers.
-
Friendly interface with Drag&Drop support.
EXESCAN
ExeScan is the FREE console based tool to detect anomalies in PE (Portable Executable) files. It quickly scans given executable file and detect all kind of anomalies in its PE header fields including checksum verifications, size of various header fields, improper size of raw data, non-ascii/empty section names etc.
Various packers/protectors modify PE header to make reversing harder. Sometimes anomalies in PE header may crash Debugging tools thereby blocking your attempt to reversing. Such anomalies can also make some of the GUI based PE analysis tools to fail to parse PE headers.
In such cases ExeScan can come handy by helping you to quickly detect such anomalies. Then you can fix them and proceed to further analysis of malware.
In addition to finding various anomalies, it can also detect packer/compiler used to pack/build the target executable file. Being console based tool, you can easily integrate it with your malware automation suite.
Q-UNPACK
Quick Unpackwill unpack many of the commonly known packers as well as contains multiple ways to find OEP and will attempt to reconstruct the IAT.