This tool is an implementation in Python of the Packed Executable iDentifier (PEiD) in the scope of packing detection for Windows PE files based on signatures. It uses a combination of more than 5.500 signatures merged from the following sources:

• wolfram77web/app-peid
• merces/pev
• ExeinfoASL/ASL
• Ice3man543/MalScan
• PEiD Tab

$ pip install peid

The main tool checks the input executable against the embedded or user-defined signatures database.

$ peid --help
[...]

$ peid program.exe
[...]

$ peid program.exe --db custom_sigs_db.txt

The second tool allows to inspect signatures.

$ peid-db --db path/to/userdb.txt --filter UPX

The third tool allows to create and integrate new signatures.

$ peid-sig *.exe --db path/to/userdb.txt --packer UPX --version v3.97 --author jsmith

You may also like these:

• Awesome Executable Packing: A curated list of awesome resources related to executable packing.
• Bintropy: Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes (inspired from this paper).
• Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
• Dataset of packed PE files: Dataset of PE samples packed with many different packers (fork of this repository).
• Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
• DSFF: Library implementing the DataSet File Format (DSFF).
• PyPackerDetect: Packing detection tool for PE files (fork of this repository).
• REMINDer: Packing detector using a simple heuristic (inspired from this paper).