xaexaerox/skEntropy

skEntropy

#### Introduction

The tool is named skEntropy (ScanEntropy). It is designed to determine whether an executable is packed or not packed, using the entropy difference method.

#### Usage

skEntropy.py -f filename

skEntropy.py -h

skentropy -f filename --dump

#### Working

This tool takes a file as input and uses a feature set-reduction method to calculate the entropy of the file. The file is then encrypted using the AES algorithm, and the entropy of the encrypted file is calculated. The difference between the first entropy and the second entropy is calculated, and all three values (first entropy, second entropy and entropy difference) are given to the K-nearest neighbor algorithm [KNN/IBK]. The KNN algorithm uses 869 known sample data points to determine whether the executable is packed or not packed.
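The pipeline described above, as an added example that is not skEntropy's own code: it computes the three entropy values for a byte buffer and classifies them with a small k-nearest-neighbor vote. Assumptions: a SHA-256 counter keystream stands in for AES so the block needs only the standard library, entropy is taken over the whole buffer rather than with the feature set-reduction step, the difference is second minus first, and the function names, training points and sample inputs are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def stand_in_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream (stand-in for the tool's AES step)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def entropy_features(data: bytes, key: bytes = b"constructed-demo-key"):
    """Return (first entropy, second entropy, difference) as described above."""
    first = shannon_entropy(data)
    second = shannon_entropy(stand_in_encrypt(data, key))
    return (first, second, second - first)

# Constructed training points, NOT the tool's 869 samples.
TRAINING = [
    ((7.95, 7.99, 0.04), "packed"),
    ((7.90, 7.99, 0.09), "packed"),
    ((7.60, 7.99, 0.39), "packed"),
    ((6.20, 7.99, 1.79), "not packed"),
    ((5.50, 7.99, 2.49), "not packed"),
    ((4.00, 7.99, 3.99), "not packed"),
]

def knn_classify(features, training=TRAINING, k=3):
    """Majority vote among the k nearest training points (Euclidean distance)."""
    nearest = sorted(training, key=lambda s: math.dist(features, s[0]))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

# Constructed inputs: low-entropy bytes resembling plain code/data, and
# high-entropy bytes resembling a compressed or encrypted (packed) body.
PLAIN_LIKE = bytes(range(64)) * 256 + bytes(16384)
PACKED_LIKE = stand_in_encrypt(bytes(32768), b"constructed-sample")

if __name__ == "__main__":
    for name, blob in (("plain-like", PLAIN_LIKE), ("packed-like", PACKED_LIKE)):
        feats = entropy_features(blob)
        print(name, [round(v, 3) for v in feats], knn_classify(feats))
```

Already high-entropy input gains almost nothing from encryption, so its difference stays near zero, while plain input shows a large jump; that gap is the signal the classifier separates on.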

#### Scope

Currently the tool supports PE exe files.

#### Additional resources

PEfile. This module is used to navigate through the PE executable file.
