Visualizing encrypted or packed data ...
Posted: Tue Sep 29, 2009 11:40 am
Hi folks,
I recently wrote a little tool which helps reversers and malware-analysts to detect encrypted and/or packed data in files. A special focus lies on PE-files as they are visualized section-wise. The visualization is done by generating a histogram for the file (and it's sections in the case of PE). The tool and a decent description/documentation of it are available under http://cert.at/downloads/software/bytehist_en.html.
Comments are appreciated.
Cheers,
Didelphodon.
I recently wrote a little tool which helps reversers and malware-analysts to detect encrypted and/or packed data in files. A special focus lies on PE-files as they are visualized section-wise. The visualization is done by generating a histogram for the file (and it's sections in the case of PE). The tool and a decent description/documentation of it are available under http://cert.at/downloads/software/bytehist_en.html.
Comments are appreciated.
Cheers,
Didelphodon.