Created
September 12, 2018 02:06
-
-
Save joenorton8014/bddbbb3c068f7d9e7875d741a8f9b0f6 to your computer and use it in GitHub Desktop.
Revisions
-
joenorton8014 created this gist
Sep 12, 2018 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,80 @@ # Dictionary of packer sections and descriptions. # Taken from here: http://www.hexacorn.com/blog/2016/12/15/pe-section-names-re-visited/ # Useful in python code :) packer_dict = {".aspack":"Aspack packer", \ ".adata":"Aspack packer/Armadillo packer", \ "ASPack":"Aspack packer", \ ".ASPack":"ASPAck Protector", \ ".boom":"The Boomerang List Builder (config+exe xored with a single byte key 0x77)", \ ".ccg":"CCG Packer (Chinese Packer)", \ ".charmve":"Added by the PIN tool", \ "BitArts":"Crunch 2.0 Packer", \ "DAStub":"DAStub Dragon Armor protector", \ "!EPack":"Epack packer", \ "FSG!":"FSG packer (not a section name, but a good identifier)", \ ".gentee":"Gentee installer", \ "kkrunchy":"kkrunchy Packer", \ ".mackt":"ImpRec-created section", \ ".MaskPE":"MaskPE Packer", \ "MEW":"MEW packer", \ ".MPRESS1":"Mpress Packer", \ ".MPRESS2":"Mpress Packer", \ ".neolite":"Neolite Packer", \ ".neolit":"Neolite Packer", \ ".nsp1":"NsPack packer", \ ".nsp0":"NsPack packer", \ ".nsp2":"NsPack packer", \ "nsp1":"NsPack packer", \ "nsp0":"NsPack packer", \ "nsp2":"NsPack packer", \ ".packed":"RLPack Packer (first section)", \ "pebundle":"PEBundle Packer", \ "PEBundle":"PEBundle Packer", \ "PEC2TO":"PECompact packer", \ "PECompact2":"PECompact packer (not a section name, but a good identifier)", \ "PEC2":"PECompact packer", \ "pec1":"PECompact packer", \ "pec2":"PECompact packer", \ "PEC2MO":"PECompact packer", \ "PELOCKnt":"PELock Protector", \ ".perplex":"Perplex PE-Protector", \ "PESHiELD":"PEShield Packer", \ ".petite":"Petite Packer", \ ".pinclie":"Added by the PIN tool", \ "ProCrypt":"ProCrypt Packer", \ ".RLPack":"RLPack Packer (second section)", \ ".rmnet":"Ramnit virus marker", \ "RCryptor":"RPCrypt Packer", \ ".RPCrypt":"RPCrypt Packer", \ ".seau":"SeauSFX Packer", \ ".sforce3":"StarForce Protection", \ ".spack":"Simple Pack (by bagie)", \ ".svkp":"SVKP packer", \ "Themida":"Themida Packer", \ ".Themida":"Themida Packer", \ ".taz":"Some version os PESpin", \ ".tsuarch":"TSULoader", \ ".tsustub":"TSULoader", \ ".packed":"Unknown Packer", \ "PEPACK!!":"Pepack", \ ".Upack":"Upack packer", \ ".ByDwing":"Upack Packer", \ "UPX0":"UPX packer", \ "UPX1":"UPX packer", \ "UPX2":"UPX packer", \ "UPX!":"UPX packer", \ ".UPX0":"UPX Packer", \ ".UPX1":"UPX Packer", \ ".UPX2":"UPX Packer", \ ".vmp0":"VMProtect packer", \ ".vmp1":"VMProtect packer", \ ".vmp2":"VMProtect packer", \ "VProtect":"Vprotect Packer", \ ".winapi":"Added by API Override tool", \ "WinLicen":"WinLicense (Themida) Protector", \ "_winzip_":"WinZip Self-Extractor", \ ".WWPACK":"WWPACK Packer", \ ".yP":"Y0da Protector", \ ".y0da":"Y0da Protector"}