awesome-executable-packing
A curated list of awesome resources related to executable packing
Last updated Jul 8, 2026
1.6k
Stars
136
Forks
2
Issues
+2
Stars/day
Attention Score
95
Topics
Language breakdown
No language data available.
▸ Files
click to expand
README
Awesome Executable Packing

A curated list of resources related to executable packing (including Portable Executable, Executable and Linkable Format and others) containing references to books, papers, blog posts, and other written resources but also packers and tools for detecting packers and unpacking executables.
Packing is the action of modifying an executable in a way that does not modify its purpose. It is generally one or a combination of the following operations:
- bundling: makes a single executable with multiple files
- compression: compresses the executable to reduce its original size
- encoding: obfuscates the executable by encoding it
- encryption: obfuscates the executable by encrypting it
- mutation: alters the executable's code so that it uses a modifided instruction set and architecture (e.g. using oligomorphism)
- protection: makes the reversing of the executable harder (i.e. using anti-debugging, anti-tampering or other tricks)
- virtualization: embeds a virtual machine that allows to virtualize executable's instructions
Contents
- Documentation - Scientific Research - After 2010 - Between 2000 and 2010 - Before 2000:books: Literature
Documentation
- :earthamericas: a.out (FreeBSD manual pages))
- :earthamericas: A.out binary format
- :earthamericas: About anti-debug tricks
- :barchart: Android packers: Separating from the pack
- :pushpin: Anti debugging protection techniques with examples
- :notebook: Anti-unpacker tricks
- :pagefacingup: Anti-unpacker tricks - Part 14 (and previous parts)
- :barchart: API deobfuscator: Resolving obfuscated API functions in modern packers
- :earthamericas: Armouring the ELF: Binary encryption on the UNIX platform
- :greenbook: The art of memory forensics: Detecting malware and threats in Windows, Linux, and mac memory
- :barchart: The art of unpacking
- :earthamericas: Awesome executable packing
- :earthamericas: Awesome LLVM security
- :pushpin: Cloak and dagger: Unpacking hidden malware attacks
- :book: Cluster analysis
- :earthamericas: Clustering algorithms
- :earthamericas: COM binary format
- :earthamericas: Common object file format (COFF)
- :earthamericas: Comparison of executable file formats
- :newspaper: A complexity measure
- :newspaper: Cyclomatic complexity density and software maintenance productivity
- :barchart: Dealing with virtualization packers
- :earthamericas: Defacto2
- :newspaper: Do we need hundreds of classifiers to solve real world classification problems?
- :barchart: Dynamic binary analysis and obfuscated codes
- :earthamericas: elf (FreeBSD manual pages))
- :pushpin: Entropy and the distinctive signs of packer PE files
- :notebook: Evading machine learning malware detection
- :earthamericas: Executable and linkable format (ELF)
- :clipboard: Executable and linking format (ELF) specification
- :earthamericas: Executable file formats
- :pushpin: Explained: Packer, crypter, and protector
- :earthamericas: FatELF: Universal binaries for Linux (HALTED)
- :newspaper: Feature selection: A data perspective
- :notebook: Gunpack: Un outil générique d'unpacking de malwares
- :newspaper: How to use t-SNE effectively
- :clipboard: Hyperion: Implementation of a PE-Crypter
- :scroll: Implementing your own generic unpacker
- :earthamericas: Learn symbolic execution and angr
- :barchart: LIEF: Library to instrument executable formats
- :pushpin: Mach-O - A look at apple executable files
- :earthamericas: Mach-O file format reference
- :barchart: Mach-O internals
- :book: Machine learning
- :pushpin: Making our own executable packer
- :earthamericas: The malware analyst's guide to aPLib decompression
- :newspaper: The matthews correlation coefficient (MCC) should replace the ROC AUC as the standard metric for assessing binary classification
- :clipboard: Microsoft portable executable and common object file format specification
- :earthamericas: MITRE ATT&CK | T1027.002 | obfuscated files or information: Software packing - Enterprise
- :earthamericas: MITRE ATT&CK | T1406.002 | obfuscated files or information: Software packing - Mobile
- :earthamericas: MZ disk operating system (DOS)
- :barchart: NotPacked++: Evading static packing detection
- :earthamericas: OllyDbg OEP finder scripts
- :bookmark: On the worst-case complexity of timsort
- :barchart: One packer to rule them all: Empirical identification, comparison and circumvention of current antivirus detection techniques
- :scroll: One packer to rule them all: Empirical identification, comparison and circumvention of current antivirus detection techniques
- :newspaper: Packer analysis report debugging and unpacking the NsPack 3.4 and 3.7 packer
- :pushpin: Packer detection tool evaluation
- :pagefacingup: Packers
- :pushpin: Packers/Protectors for Linux
- :barchart: Packing-box: Breaking detectors & visualizing packing
- :barchart: Packing-box: Improving detection of executable packing
- :barchart: Packing-box: Playing with executable packing
- :pushpin: Parsing mach-O files
- :greenbook: Pattern recognition and machine learning (Information science and statistics)
- :earthamericas: PE format - Win32 apps
- :scroll: PinDemonium: A DBI-based generic unpacker for Windows executables
- :earthamericas: Portable executable (PE)
- :greenbook: Practical malware analysis: The hands-on guide to dissecting malicious software
- :pushpin: ProtectMyTooling - Don't detect tools, detect techniques
- :barchart: Qualitative and quantitative evaluation of software packers
- :barchart: Reverse engineering malware: Binary obfuscation and protection
- :barchart: Runtime packers testing experiences
- :barchart: Runtime packers: The hidden problem?
- :newspaper: Standards and policies on packer use
- :green_book: Surreptitious software: Obfuscation, watermarking, and tamperproofing for software protection
- :bookmark: A survey of dimensionality reduction techniques
- :barchart: TitanMist: Your first step to reversing nirvana
- :pushpin: Tuts 4 you - UnPackMe (.NET)
- :pushpin: Tuts 4 you | unpackme
- :greenbook: The "Ultimate" anti-debugging reference
- :pagefacingup: Unpacking binary 101
- :pushpin: Unpacking the potential of "Packing box"
- :pushpin: Unpacking, reversing, patching
- :barchart: Virtual machine obfuscation
- :barchart: WaveAtlas: Surfing through the landscape of current malware packers
- :barchart: We can still crack you! General unpacking method for Android Packer (NO ROOT)
- :barchart: When malware is packing heat
- :clipboard: Win32 portable executable packing uncovered
- :pushpin: Writing a packer
- :pushpin: Writing a PE packer
- :pushpin: Writing a simple PE packer in detail
- :earthamericas: x86 disassembly/Windows executable files
- :earthamericas: YARA - The pattern matching swiss knife for malware researchers.
Scientific Research
- :newspaper: 2-SPIFF: A 2-stage packer identification method based on function call graph and file attributes (December 2021) :star:
- :newspaper: Absent extreme learning machine algorithm with application to packed executable identification (January 2016)
- :newspaper: An accurate packer identification method using support vector machine (January 2014)
- :notebook: Adaptive unpacking of Android Apps (May 2017)
- :mortarboard: Advanced feature engineering for static detection of executable packing (June 2024) :star:
- :newspaper: Advanced preprocessing of binary executable files and its usage in retargetable decompilation (December 2014)
- :newspaper: Adversarial attacks against Windows PE malware detection: A survey of the state-of-the-art (May 2023) :star:
- :newspaper: Adversarial EXEmples: A survey and experimental evaluation of practical attacks on machine learning for windows malware detection (September 2021) :star:
- :mortarboard: Adversarial learning on static detection techniques for executable packing (June 2023) :star:
- :notebook: Adversarial malware binaries: Evading deep learning for malware detection in executables (September 2018) :star:
- :mortarboard: Adversarial tool for breaking static detection of executable packing (August 2024) :star:
- :notebook: Adversarially robust assembly language model for packed executables detection (November 2025) :star:
- :newspaper: All-in-one framework for detection, unpacking, and verification for malware analysis (January 2019) :star:
- :newspaper: Analysis of machine learning approaches to packing detection (October 2023) :star: :star:
- :newspaper: Anti-emulation trends in modern packers: A survey on the evolution of anti-emulation techniques in UPA packers (May 2018)
- :newspaper: API-MalDetect: Automated malware detection framework for windows based on API calls and deep learning techniques (September 2023) :star:
- :mortarboard: An application of machine learning to analysis of packed mac malware (May 2022) :star:
- :notebook: Application of string kernel based support vector machine for malware packer identification (August 2013)
- :newspaper: The application research of virtual machine in packers (August 2011)
- :notebook: AppSpear: Bytecode decrypting and DEX reassembling for packed Android malware (November 2015)
- :newspaper: The arms race: Adversarial search defeats entropy used to detect malware (October 2018)
- :closedbook: Assessing static and dynamic features for packing detection (October 2024) :star:
- :pagefacingup: Assessing the impact of packing on machine learning-based malware detection and classification systems (September 2025) :star:
- :newspaper: Auditing static machine learning anti-Malware tools against metamorphic attacks (March 2021) :star:
- :mortarboard: Automated static analysis of virtual-machine packers (August 2013)
- :newspaper: Automatic analysis of malware behavior using machine learning (December 2011)
- :newspaper: Automatic generation of adversarial examples for interpreting malware classifiers (March 2020)
- :notebook: Automatic static unpacking of malware binaries (October 2009)
- :newspaper: BareUnpack: Generic unpacking on the bare-metal operating system (December 2018)
- :newspaper: Benchmark for filter methods for feature selection in high-dimensional classification data (March 2020) :star:
- :newspaper: Beyond the sandbox: Leveraging symbolic execution for evasive malware classification (February 2025) :star:
- :newspaper: Binary-code obfuscations in prevalent packer tools (October 2013)
- :newspaper: BinStat tool for recognition of packed executables (September 2010)
- :newspaper: Birds of a feature: Intrafamily clustering for version identification of packed malware (September 2020) :star:
- :notebook: BitBlaze: A new approach to computer security via binary analysis (December 2008)
- :notebook: BODMAS: An open dataset for learning based temporal analysis of PE malware (May 2021) :star:
- :notebook: Boosting scalability in anomaly-based packed executable filtering (November 2011)
- :mortarboard: Building a malware mutation tool (June 2024)
- :mortarboard: Building a smart and automated tool for packed malware detections using machine learning (June 2020)
- :mortarboard: Building high-quality datasets of packed executables - Enhancing static detection models via curated packed binary datasets (August 2025) :star:
- :newspaper: Bypassing anti-analysis of commercial protector methods using DBI tools (January 2021) :star:
- :newspaper: Bypassing heaven’s gate technique using black-box testing (November 2023) :star:
- :notebook: BYTEWEIGHT: Learning to recognize functions in binary code (August 2014)
- :notebook: ByteWise: A case study in neural network obfuscation identification (January 2018)
- :notebook: Certified robustness of static deep learning-based malware detectors against patch and append attacks (November 2023) :star:
- :notebook: Challenging anti-virus through evolutionary malware obfuscation (April 2016)
- :notebook: Chosen-instruction attack against commercial code virtualization obfuscators (April 2022) :star:
- :newspaper: Classification of malware by using structural entropy on convolutional neural networks (April 2018)
- :newspaper: Classification of packed executables for accurate computer virus detection (October 2008)
- :notebook: Classifying packed malware represented as control flow graphs using deep graph convolutional neural network (March 2020) :star:
- :notebook: Classifying packed programs as malicious software detected (December 2016)
- :newspaper: A close look at a daily dataset of malware samples (January 2019) :star:
- :mortarboard: Code obfuscation techniques for software protection (April 2012)
- :notebook: Collective classification for packed executable identification (September 2011)
- :newspaper: A compact multi-step framework for packing identification in portable executable files for malware analysis (February 2024) :star:
- :notebook: A comparative analysis of classifiers in the recognition of packed executables (November 2019) :star:
- :newspaper: A comparative analysis of software protection schemes (June 2014)
- :notebook: A comparative assessment of malware classification using binary texture analysis and dynamic analysis (September 2011)
- :notebook: Comparing malware samples for unpacking: A feasibility study (August 2016)
- :mortarboard: Complexity-based packed executable classification with high accuracy (December 2008)
- :notebook: A comprehensive solution for obfuscation detection and removal based on comparative analysis of deobfuscation tools (October 2021) :star:
- :mortar_board: Computational-intelligence techniques for malware generation (October 2015)
- :newspaper: Conceptual and empirical comparison of dimensionality reduction algorithms (PCA, KPCA, LDA, MDS, SVD, LLE, ISOMAP, LE, ICA, t-SNE) (May 2021)
- :newspaper: A consistently-executing graph-based approach for malware packer identification (April 2019) :star:
- :newspaper: Construction and evaluation of the new heuristic malware detection mechanism based on executable files static analysis (August 2018)
- :notebook: A control flow graph-based signature for packer identification (October 2017) :star:
- :newspaper: Control flow-based opcode behavior analysis for malware detection (July 2014)
- :notebook: Countering entropy measure attacks on packed software detection (January 2012)
- :notebook: Cryptographic function detection in obfuscated binaries via bit-precise symbolic loop mapping (May 2017)
- :bookmark: Deceiving end-to-end deep learning malware detectors using adversarial examples (January 2019) :star:
- :notebook: Deceiving portable executable malware classifiers into targeted misclassification with practical adversarial examples (March 2020)
- :pagefacingup: Decoding the secrets of machine learning in malware classification: A deep dive into datasets, feature extraction, and model performance (November 2023) :star:
- :notebook: Denial-of-service attacks on host-based generic unpackers (December 2009)
- :mortarboard: Deobfuscation of packed and virtualization-obfuscation protected binaries (June 2011)
- :closedbook: Deobfuscation of virtualization-obfuscated code through symbolic execution and compilation optimization (April 2018)
- :notebook: Deobfuscation of virtualization-obfuscated software: A semantics-based approach (October 2011)
- :notebook: Design and development of a new scanning core engine for malware detection (October 2012)
- :mortarboard: Design and implementation of a modular executable packer - Experimenting with packing techniques and static detection (June 2025) :star:
- :notebook: Design and performance evaluation of binary code packing for protecting embedded software against reverse engineering (May 2010)
- :newspaper: Detecting obfuscated malware using reduced opcode set and optimised runtime trace (May 2016)
- :notebook: Detecting obfuscated viruses using cosine similarity analysis (March 2007)
- :notebook: Detecting packed executable file: Supervised or anomaly detection method? (August 2016)
- :newspaper: Detecting packed executables based on raw binary data (June 2010)
- :notebook: Detecting packed executables using steganalysis (December 2014)
- :mortarboard: Detecting packed PE files: Executable file analysis for the Windows operating system (June 2021) :star:
- :notebook: Detecting traditional packers, decisively (October 2013)
- :newspaper: Detecting unknown malicious code by applying classification techniques on opcode patterns (February 2012)
- :notebook: Detection of metamorphic malware packers using multilayered LSTM networks (November 2020) :star:
- :notebook: Detection of packed executables using support vector machines (July 2011)
- :notebook: Detection of packed malware (August 2012)
- :notebook: DexHunter: Toward extracting hidden code from packed Android applications (September 2015)
- :notebook: Disabling anti-debugging techniques for unpacking system in user-level debugger (October 2019)
- :newspaper: DroidPDF: The obfuscation resilient packer detection framework for Android Apps (July 2020)
- :notebook: Dynamic binary instrumentation for deobfuscation and unpacking (November 2009)
- :notebook: Dynamic classification of packing algorithms for inspecting executables using entropy analysis (October 2013)
- :notebook: A dynamic heuristic method for detecting packed malware using naive bayes (November 2019) :star:
- :newspaper: Effective, efficient, and robust packing detection and classification (May 2019) :star2: :star2: :star2:
- :newspaper: An efficient algorithm to extract control flow-based features for ioT malware detection (April 2021) :star:
- :notebook: Efficient and automatic instrumentation for packed binaries (June 2009)
- :newspaper: Efficient automatic original entry point detection (January 2019)
- :newspaper: An efficient block-discriminant identification of packed malware (August 2015)
- :notebook: Efficient malware packer identification using support vector machines with spectrum kernel (July 2013)
- :newspaper: Efficient SVM based packer identification with binary diffing measures (July 2019)
- :newspaper: ELF-Miner: Using structural knowledge and data mining methods to detect new (Linux) malicious executables (March 2012)
- :notebook: EMBER2024 - A benchmark dataset for holistic evaluation of malware classifiers (August 2025) :star:
- :bookmark: EMBER: An open dataset for training static PE malware machine learning models (April 2018) :star: :star:
- :notebook: An empirical evaluation of an unpacking method implemented with dynamic binary instrumentation (September 2011)
- :notebook: Encoded executable file detection technique via executable file header analysis (April 2009)
- :newspaper: Enhanced metamorphic techniques-A case study against havex malware (August 2021) :star:
- :notebook: Enhancing machine learning based malware detection model by reinforcement learning (November 2018)
- :notebook: Entropy analysis to classify unknown packing algorithms for malware detection (May 2016) :star:
- :newspaper: An entropy-based distance measure for analyzing and detecting metamorphic malware (June 2018)
- :notebook: Entropy-driven visualization in gview: Unveiling the unknown in binary file formats (September 2024) :star:
- :newspaper: ERMDS: A obfuscation dataset for evaluating robustness of learning-based malware detection system (May 2023)
- :notebook: ESCAPE: Entropy score analysis of packed executable (October 2012)
- :notebook: Ether: Malware analysis via hardware virtualization extensions (October 2008)
- :notebook: Eureka: A framework for enabling static malware analysis (October 2008)
- :newspaper: Evading anti-malware engines with deep reinforcement learning (March 2019) :star:
- :notebook: Evading packing detection: Breaking heuristic-based static detectors (July 2024) :star:
- :notebook: Experimental comparison of machine learning models in malware packing detection (September 2020) :star:
- :notebook: An experimental study on identifying obfuscation techniques in packer (June 2016)
- :notebook: Experimental toolkit for manipulating executable packing (June 2024) :star: :star:
- :mortarboard: Experimental toolkit for studying executable packing - Analysis of the state-of-the-art packing detection techniques (June 2022) :star:
- :notebook: Exploring adversarial examples in malware detection (May 2019) :star:
- :newspaper: Fast and robust fixed-point algorithms for independent component analysis (May 1999)
- :notebook: A fast flowgraph based classification system for packed and polymorphic malware on the endhost (April 2010)
- :notebook: A fast randomness test that preserves local detail (October 2008)
- :newspaper: Feature selection for malware detection based on reinforcement learning (December 2019)
- :newspaper: Feature selection for packer classification based on association rule mining (August 2024) :star:
- :notebook: Feature set reduction for the detection of packed executables (June 2014)
- :newspaper: File packing from the malware perspective: Techniques, analysis approaches, and directions for enhancements (December 2022) :star: :star:
- :notebook: Fileprints: Identifying file types by n-gram analysis (June 2005)
- :notebook: A fine-grained classification approach for the packed malicious code (October 2012)
- :newspaper: A framework for metamorphic malware analysis and real-time detection (February 2015)
- :newspaper: Functionality-preserving black-box optimization of adversarial windows malware (May 2021) :star:
- :newspaper: G3MD: Mining frequent opcode sub-graphs for metamorphic malware detection of existing families (December 2018)
- :bookmark: Generating adversarial malware examples for black-box attacks based on GAN (February 2020) :star:
- :notebook: A generic approach to automatic deobfuscation of executable code (May 2015) :star:
- :notebook: Generic black-box end-to-end attack against state of the art API call based malware classifiers (September 2018) :star:
- :newspaper: Generic packing detection using several complexity analysis for accurate malware detection (January 2014)
- :notebook: Generic unpacker of executable files (April 2015)
- :notebook: Generic unpacking method based on detecting original entry point (November 2013)
- :bookmark: Generic unpacking of self-modifying, aggressive, packed binary programs (May 2009)
- :notebook: Generic unpacking techniques (February 2009)
- :notebook: Generic unpacking using entropy analysis (October 2010)
- :notebook: GUARD: Generic API de-obfuscation and obfuscated malware unpacking with sIAT (March 2025) :star:
- :newspaper: Hashing-based encryption and anti-debugger support for packing multiple files into single executable (February 2018)
- :notebook: A heuristic approach for detection of obfuscated malware (June 2009)
- :newspaper: A heuristics-based static analysis approach for detecting packed PE binaries (October 2013)
- :notebook: Highlighting the impact of packed executable alterations with unsupervised learning (April 2025) :star:
- :newspaper: Hunting for metamorphic engines (November 2006)
- :newspaper: Identifying malware packers through multilayer feature engineering in static analysis (February 2024) :star:
- :notebook: An implementation of a generic unpacking method on Bochs Emulator (September 2009)
- :newspaper: An improved method for packed malware detection using PE header and section table information (September 2019)
- :newspaper: Improving malware detection using multi-view ensemble learning (August 2016) :star:
- :scroll: Incremental clustering of malware packers using features based on transformed CFG (November 2022) :star:
- :notebook: Information theoretic method for classification of packed and encoded files (September 2015)
- :notebook: Instructions-based detection of sophisticated obfuscation and packing (October 2014)
- :bookmark: Intriguing properties of adversarial ML attacks in the problem space (March 2020) :star:
- :bookmark: Intriguing properties of neural networks (February 2014)
- :newspaper: A learning model to detect maliciousness of portable executable using integrated feature set (January 2017)
- :bookmark: Learning to evade static PE machine learning malware models via reinforcement learning (January 2018) :star:
- :notebook: Limits of static analysis for malware detection (December 2007)
- :greenbook: Longitudinal study of the prevalence of malware evasive techniques (December 2021) :star:
- :bookmark: MAB-Malware: A reinforcement learning framework for attacking static malware classifiers (April 2021) :star:
- :notebook: A machine-learning-based framework for supporting malware detection and analysis (September 2021) :star:
- :mortarboard: Maitland: Analysis of packed and encrypted malware via paravirtualization extensions (June 2012)
- :notebook: Mal-EVE: Static detection model for evasive malware (August 2015)
- :newspaper: Mal-flux: Rendering hidden code of packed binary executable (March 2019)
- :newspaper: Mal-XT: Higher accuracy hidden-code extraction of packed binary executable (November 2018)
- :newspaper: Mal-xtract: Hidden code extraction using memory analysis (January 2017)
- :newspaper: MaliCage: A packed malware family classification framework based on DNN and GAN (August 2022) :star:
- :newspaper: The MALICIA dataset: Identification and analysis of drive-by download operations (February 2015)
- :newspaper: Malware analysis using multiple API sequence mining control flow graph (July 2017)
- :newspaper: Malware analysis using visualized images and entropy graphs (February 2015)
- :mortarboard: Malware detection through opcode sequence analysis using machine learning (June 2015)
- :notebook: Malware family classification method based on static feature extraction (December 2017)
- :notebook: Malware images: Visualization and automatic classification (July 2011)
- :notebook: Malware makeover: Breaking ML-based static analysis by modifying executable bytes (May 2021) :star:
- :notebook: Malware obfuscation techniques: A brief survey (November 2010)
- :notebook: Malware obfuscation through evolutionary packers (July 2015)
- :newspaper: Malwise - An effective and efficient classification system for packed and polymorphic malware (June 2013)
- :notebook: McBoost: Boosting scalability in malware collection and analysis using statistical classification of executables (December 2008)
- :closedbook: Measuring and defeating anti-instrumentation-equipped malware (June 2017)
- :notebook: Memory behavior-based automatic malware unpacking in stealth debugging environment (October 2010)
- :notebook: MetaAware: Identifying metamorphic malware (December 2007)
- :notebook: Metadata recovery from obfuscated programs using machine learning (December 2016)
- :newspaper: Metamorphic malware detection based on support vector machine classification of malware sub-signatures (September 2016)
- :newspaper: Metamorphic malware identification using engine-specific patterns based on co-opcode graphs (August 2020) :star:
- :newspaper: Mimicking anti-viruses with machine learning and entropy profiles (2019-05-21)
- :notebook: MLxPack: Investigating the effects of packers on ML-based malware detection systems using static and dynamic traits (May 2022) :star:
- :notebook: Modern Linux malware exposed (June 2018)
- :newspaper: MSG: Missing-sequence generator for metamorphic malware detection (March 2025) :star:
- :notebook: MutantX-S: Scalable malware clustering based on static features (June 2013)
- :notebook: The new signature generation method based on an unpacking algorithm and procedure for a packer detection (February 2011)
- :bookmark: Novel feature extraction, selection and fusion for effective malware family classification (March 2016)
- :newspaper: A novel framework for image-based malware detection with a deep neural network (October 2021) :star:
- :notebook: Obfuscation-resilient executable payload extraction from packed malware (August 2021) :star:
- :newspaper: Obfuscation: The hidden malware (August 2011)
- :notebook: Obfuscation: Where are we in anti-DSE protections? (a first attempt) (December 2019)
- :notebook: Obfuscator-LLVM: Software protection for the masses (May 2015)
- :notebook: OmniUnpack: Fast, generic, and safe unpacking of malware (December 2007)
- :newspaper: On deceiving malware classification with section injection (August 2022) :star:
- :bookmark: On evaluating adversarial robustness (February 2019) :star:
- :notebook: On the (Im)possibility of obfuscating programs (August 2001)
- :newspaper: On the (im)possibility of obfuscating programs (2) (April 2012)
- :newspaper: On the adoption of anomaly detection for packed executable filtering (June 2014)
- :notebook: On the feasibility of malware unpacking via hardware-assisted loop profiling (August 2023) :star:
- :newspaper: Opcode sequences as representation of executables for data-mining-based unknown malware detection (May 2013) :star:
- :newspaper: Opcodes as predictor for malware (January 2008)
- :notebook: OPEM: A static-dynamic approach for machine-learning-based malware detection (September 2012)
- :newspaper: Original entry point detection based on graph similarity (April 2024) :star:
- :newspaper: An original entry point detection method with candidate-sorting for more effective generic unpacking (January 2015)
- :notebook: Packed code detection using shannon entropy and homomorphic encrypted executables (October 2024) :star:
- :newspaper: Packed malware detection using entropy related analysis: A survey (November 2015)
- :newspaper: Packed malware variants detection using deep belief networks (March 2020)
- :notebook: Packed PE file detection for malware forensics (December 2009)
- :newspaper: Packer classification based on association rule mining (July 2022) :star:
- :notebook: Packer classifier based on PE header information (April 2015)
- :newspaper: Packer detection for multi-layer executables using entropy analysis (March 2017) :star:
- :notebook: Packer identification based on metadata signature (December 2017) :star:
- :notebook: Packer identification method based on byte sequences (November 2018)
- :notebook: Packer identification method for multi-layer executables with k-Nearest neighbor of entropies (October 2020) :star:
- :notebook: Packer identification using byte plot and Markov plot (September 2015)
- :notebook: Packer identification using hidden Markov model (November 2017)
- :mortarboard: Packer-complexity analysis in PANDA (January 2018)
- :notebook: PackGenome: Automatically generating robust YARA rules for accurate malware packer detection (November 2023) :star:
- :bookmark: PackHero: A scalable graph-based approach for efficient packer identification (July 2025) :star:
- :mortarboard: Packing detection and classification relying on machine learning to stop malware propagation (December 2021) :star:
- :mortarboard: Pandora's Bochs: Automatic unpacking of malware (January 2008)
- :notebook: Pattern recognition techniques for the classification of malware packers (July 2010)
- :newspaper: PE file features in detection of packed executables (January 2012)
- :notebook: PE file header analysis-based packed PE file detection technique (PHAD) (October 2008)
- :notebook: PE-Miner: Mining structural information to detect malicious executables in realtime (September 2009)
- :notebook: PE-Probe: Leveraging packer detection and structural information to detect malicious portable executables (June 2009)
- :notebook: PEAL - Packed executable analysis (January 2012)
- :newspaper: Performance evaluation of filter-based feature selection techniques in classifying portable executable files (January 2018) :star:
- :newspaper: PEzoNG: Advanced packer for automated evasion on Windows (December 2022) :star:
- :newspaper: Pitfalls in machine learning for computer security (October 2024)
- :notebook: PolyPack: An automated online packing service for optimal antivirus evasion (August 2009)
- :notebook: PolyUnpack: Automating the hidden-code extraction of unpack-executing malware (December 2006)
- :newspaper: Potent and stealthy control flow obfuscation by stack based self-modifying code (April 2013)
- :newspaper: Practical attacks on machine learning: A case study on adversarial windows malware (September 2022) :star:
- :notebook: Preprocessing of binary executable files towards retargetable decompilation (July 2013)
- :notebook: Prevalence and impact of low-entropy packing schemes in the malware ecosystem (February 2020) :star:
- :notebook: Program obfuscation by strong cryptography (February 2010)
- :notebook: RAMBO: Run-Time packer analysis with multiple branch observation (July 2016)
- :mortarboard: REFORM: A framework for malware packer analysis using information theory and statistical methods (April 2010)
- :notebook: Renovo: A hidden code extractor for packed executables (November 2007)
- :notebook: RePEconstruct: Reconstructing binaries with self-modifying code and import address table destruction (October 2016)
- :notebook: RePEF — A system for restoring packed executable file for malware analysis (July 2011)
- :newspaper: Replacement attacks against VM-protected applications (September 2012)
- :notebook: Research and implementation of compression shell unpacking technology for PE file (May 2009)
- :newspaper: Research and implementation of packing technology for PE files (January 2013)
- :notebook: Research of software information hiding algorithm based on packing technology (September 2020)
- :newspaper: Resurrecting anti-virtualization and anti-debugging: Unhooking your hooks (March 2021) :star:
- :newspaper: Revealing packed malware (September 2008)
- :notebook: Reverse engineering self-modifying code: Unpacker extraction (October 2010)
- :mortarboard: Robust static analysis of portable executable malware (December 2014)
- :notebook: SATURN - Software deobfuscation framework based on LLVM (November 2019)
- :newspaper: SCORE: Source code optimization & reconstruction (July 2020)
- :notebook: SE-PAC: A self-evolving packer classifier against rapid packers evolution (April 2021) :star:
- :newspaper: Secure and advanced unpacking using computer emulation (August 2007)
- :notebook: Semi-supervised learning for packed executable detection (September 2011)
- :notebook: Semi-supervised learning for unknown malware detection (April 2011)
- :newspaper: Sensitive system calls based packed malware variants detection using principal component initialized multilayers neural networks (September 2018)
- :newspaper: Sequential opcode embedding-based malware detection method (March 2022) :star:
- :newspaper: Singular value decomposition and metamorphic detection (November 2015)
- :newspaper: SMASH: A malware detection method based on multi-feature ensemble learning (August 2019)
- :newspaper: Software protection through anti-debugging (May 2007)
- :notebook: SoK: (state of) the art of war: Offensive techniques in binary analysis (May 2016)
- :notebook: SoK: Automatic deobfuscation of virtualization-protected applications (August 2021) :star:
- :notebook: SoK: Deep packer inspection: A longitudinal study of the complexity of run-time packers (May 2015) :star:
- :mortarboard: Source-free binary mutation for offense and defense (December 2014)
- :notebook: SPADE: Signature based packer detection (August 2012)
- :notebook: Static analysis method on portable executable files for REMNUX based malware identification (October 2019)
- :notebook: Static analysis of executables to detect malicious patterns
🔗 More in this category