Improved runtime-packers #268

Merged
merged 4 commits into from
Sep 30, 2023
171 changes: 153 additions & 18 deletions runtime-packer/machinetag.json
@@ -1,10 +1,10 @@
{
"namespace": "runtime-packer",
"description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.",
"version": 1,
"version": 2,
"predicates": [
{
"value": "portable-executable",
"value": "pe",
"expanded": "Portable Executable (PE)"
},
{
@@ -16,7 +16,7 @@
"expanded": "Executable Linkable Format (ELF)"
},
{
"value": "mach-o",
"value": "macho",
"expanded": "Mach-object (Mach-O)"
},
{
@@ -26,12 +26,91 @@
],
"values": [
{
"predicate": "portable-executable",
"predicate": "dex",
"entry": [
{
"value": "apk-protect",
"expanded": "APK Protect"
},
{
"value": "dexguard",
"expanded": "DexGuard"
},
{
"value": "dexprotector",
"expanded": "DexProtector"
}
]
},
{
"predicate": "elf",
"entry": [
{
"value": "bzexe",
"expanded": "BzExe"
},
{
"value": "ezuri",
"expanded": "Ezuri"
},
{
"value": "gzexe",
"expanded": "GzExe"
},
{
"value": "midgetpack",
"expanded": "MidgetPack"
},
{
"value": "pakkero",
"expanded": "Pakkero"
},
{
"value": "papaw",
"expanded": "Papaw"
},
{
"value": "shiva",
"expanded": "Shiva"
},
{
"value": "upx",
"expanded": "UPX"
}
]
},
{
"predicate": "macho",
"entry": [
{
"value": "eleckey",
"expanded": "ElecKey"
},
{
"value": "muncho",
"expanded": "Muncho"
},
{
"value": "mpress",
"expanded": "MPRESS"
},
{
"value": "upx",
"expanded": "UPX"
}
]
},
{
"predicate": "pe",
"entry": [
{
"value": ".netshrink",
"expanded": ".netshrink"
},
{
"value": "acprotect",
"expanded": "ACProtect"
},
{
"value": "alienyze",
"expanded": "Alienyze"
@@ -40,10 +119,6 @@
"value": "apack",
"expanded": "aPack"
},
{
"value": "apk-protect",
"expanded": "APK Protect"
},
{
"value": "armadillo",
"expanded": "Armadillo"
@@ -53,13 +128,17 @@
"expanded": "ASPack"
},
{
"value": "aspr-asprotect",
"expanded": "ASPR (ASProtect)"
"value": "asprotect",
"expanded": "ASProtect"
},
{
"value": "autoit",
"expanded": "AutoIT"
},
{
"value": "axprotector",
"expanded": "AxProtector"
},
{
"value": "bero",
"expanded": "BeRo EXE Packer"
@@ -77,21 +156,29 @@
"expanded": "Code Virtualizer"
},
{
"value": "dexguard",
"expanded": "DexGuard"
},
{
"value": "dexprotector",
"expanded": "DexProtector"
"value": "confuserex",
"expanded": "ConfuserEx"
},
{
"value": "dotbundle",
"expanded": "dotBundle"
},
{
"value": "dragon-armor",
"expanded": "Dragon Armor"
},
{
"value": "eleckey",
"expanded": "ElecKey"
},
{
"value": "enigma-protector",
"expanded": "Enigma Protector"
},
{
"value": "enigma-virtual-box",
"expanded": "Enigma Virtual Box"
},
{
"value": "exe-bundle",
"expanded": "EXE Bundle"
@@ -100,6 +187,10 @@
"value": "exe-stealth",
"expanded": "EXE Stealth"
},
{
"value": "exe32pack",
"expanded": "EXE32Pack"
},
{
"value": "expressor",
"expanded": "eXPressor"
@@ -109,8 +200,12 @@
"expanded": "FSG"
},
{
"value": "gzexe",
"expanded": "GzExe"
"value": "hxor-packer",
"expanded": "hXOR Packer"
},
{
"value": "jdpack",
"expanded": "JDPack"
},
{
"value": "kkrunchy",
@@ -124,10 +219,26 @@
"value": "mew",
"expanded": "MEW"
},
{
"value": "molebox",
"expanded": "MoleBox"
},
{
"value": "morphine",
"expanded": "Morphine"
},
{
"value": "mpress",
"expanded": "MPRESS"
},
{
"value": "neolite",
"expanded": "Neolite"
},
{
"value": "netcrypt",
"expanded": "NetCrypt"
},
{
"value": "nspack",
"expanded": "NSPack"
@@ -136,6 +247,10 @@
"value": "obsidium",
"expanded": "Obsidium"
},
{
"value": "packman",
"expanded": "Packman"
},
{
"value": "pecompact",
"expanded": "PECompact"
@@ -144,6 +259,10 @@
"value": "pelock",
"expanded": "PELock"
},
{
"value": "pepacker",
"expanded": "PE Packer"
},
{
"value": "peshield",
"expanded": "PEShield"
@@ -156,6 +275,10 @@
"value": "petite",
"expanded": "PEtite"
},
{
"value": "procrypt",
"expanded": "ProCrypt"
},
{
"value": "rlpack-basic",
"expanded": "RLPack Basic"
@@ -164,10 +287,22 @@
"value": "smart-packer-pro",
"expanded": "Smart Packer Pro"
},
{
"value": "squishy",
"expanded": "Squishy"
},
{
"value": "telock",
"expanded": "Telock"
},
{
"value": "themida",
"expanded": "Themida"
},
{
"value": "thinstall",
"expanded": "Thinstall"
},
{
"value": "upack",
"expanded": "UPack"
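Review bot: Renaming the predicate identifiers in the first two hunks (`portable-executable` to `pe`, `mach-o` to `macho`) and the value `aspr-asprotect` to `asprotect` changes the machine-tag strings themselves, so a tag already applied as `runtime-packer:portable-executable="armadillo"` no longer matches any entry once version 2 is loaded. The entries `apk-protect`, `dexguard`, `dexprotector` and `gzexe` also appear to leave the PE list and show up under `dex` and `elf`, so a blanket predicate rename would not migrate them correctly. This rendering has lost the +/- markers, so the old and new sides are read from the hunk counts and should be confirmed against the raw diff. I would record the mapping in the PR description or changelog (`portable-executable → pe`, `mach-o → macho`, `aspr-asprotect → asprotect`, plus the per-entry moves) so consumers that filter, correlate or alert on the old tag strings can retag instead of silently missing events. It is also worth confirming that a `dex` predicate is declared in the part of `predicates` these hunks do not show, since the new `values` block references it.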