packing-box/awesome-executable-packing external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

packing-box/awesome-executable-packing

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/packing-box/awesome-executable-packing)

Close

packing-box / awesome-executable-packingView on GitHubMore

• External links
• Readme badge

A curated list of awesome resources related to executable packing

☆1,542Feb 14, 2026Updated 2 weeks ago

Alternatives and similar repositories for awesome-executable-packing

Users that are interested in awesome-executable-packing are comparing it to the libraries listed below

• phra / PEzor

  View on GitHub
  Open-Source Shellcode & PE Packer
  ☆2,069Feb 3, 2024Updated 2 years ago
• hasherezade / tiny_tracer

  View on GitHub
  A Pin Tool for tracing API calls etc
  ☆1,620Feb 8, 2026Updated 3 weeks ago
• hasherezade / mal_unpack

  View on GitHub
  Dynamic unpacker based on PE-sieve
  ☆796Sep 13, 2025Updated 5 months ago
• unipacker / unipacker

  View on GitHub
  Automatic and platform-independent unpacker for Windows binaries based on emulation
  ☆741Aug 18, 2025Updated 6 months ago
• d35ha / CallObfuscator

  View on GitHub
  Obfuscate specific windows apis with different apis
  ☆1,021Feb 21, 2021Updated 5 years ago
• ayoubfaouzi / al-khaser

  View on GitHub
  Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
  ☆6,861Feb 1, 2026Updated last month
• hasherezade / pe-sieve

  View on GitHub
  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…
  ☆3,562Oct 31, 2025Updated 4 months ago
• Idov31 / Nidhogg

  View on GitHub
  Nidhogg is an all-in-one simple to use windows kernel rootkit.
  ☆2,260Feb 15, 2026Updated 2 weeks ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆684Mar 11, 2024Updated last year
• mrexodia / dumpulator

  View on GitHub
  An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen…
  ☆855Feb 2, 2024Updated 2 years ago
• mgeeky / ThreadStackSpoofer

  View on GitHub
  Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…
  ☆1,196Jun 17, 2022Updated 3 years ago
• JonathanSalwan / VMProtect-devirtualization

  View on GitHub
  Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.
  ☆1,389Jun 11, 2022Updated 3 years ago
• scrt / avcleaner

  View on GitHub
  C/C++ source obfuscator for antivirus bypass
  ☆1,062Mar 10, 2022Updated 3 years ago
• hasherezade / process_overwriting

  View on GitHub
  Yet another variant of Process Hollowing
  ☆458Jul 31, 2025Updated 7 months ago
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆580Mar 8, 2024Updated last year
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,295Mar 21, 2025Updated 11 months ago
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,330Oct 31, 2025Updated 4 months ago
• jthuraisamy / SysWhispers

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,990Jan 1, 2023Updated 3 years ago
• rootkit-io / awesome-malware-development

  View on GitHub
  Organized list of my malware development resources
  ☆1,700May 16, 2022Updated 3 years ago
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,787Aug 30, 2024Updated last year
• EgeBalci / amber

  View on GitHub
  Reflective PE packer.
  ☆1,401Feb 22, 2024Updated 2 years ago
• mandiant / speakeasy

  View on GitHub
  Windows kernel and user mode emulation.
  ☆1,860Updated this week
• hasherezade / hollows_hunter

  View on GitHub
  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…
  ☆2,313Oct 31, 2025Updated 4 months ago
• hlldz / RefleXXion

  View on GitHub
  RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …
  ☆501Jan 25, 2022Updated 4 years ago
• weak1337 / Alcatraz

  View on GitHub
  x64 binary obfuscator
  ☆1,958Jul 14, 2023Updated 2 years ago
• Dump-GUY / Malware-analysis-and-Reverse-engineering

  View on GitHub
  Some of my publicly available Malware analysis and Reverse engineering.
  ☆932Jun 3, 2024Updated last year
• hasherezade / pe_to_shellcode

  View on GitHub
  Converts PE into a shellcode
  ☆2,745Aug 30, 2025Updated 6 months ago
• frank2 / packer-tutorial

  View on GitHub
  A tutorial on how to write a packer for Windows!
  ☆310Dec 15, 2023Updated 2 years ago
• czs108 / Windows-PE-Packer

  View on GitHub
  🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engine…
  ☆356Oct 22, 2024Updated last year
• Cr4sh / MicroBackdoor

  View on GitHub
  Small and convenient C2 tool for Windows targets
  ☆612Mar 8, 2022Updated 3 years ago
• 0xsp-SRD / mortar

  View on GitHub
  evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
  ☆1,498Dec 21, 2023Updated 2 years ago
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆374May 24, 2022Updated 3 years ago
• jthuraisamy / SysWhispers2

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,793Sep 3, 2022Updated 3 years ago
• RedTeamOperations / Advanced-Process-Injection-Workshop

  View on GitHub
  ☆777Oct 17, 2023Updated 2 years ago
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,592Jul 31, 2024Updated last year
• fr0gger / awesome-ida-x64-olly-plugin

  View on GitHub
  A curated list of IDA x64DBG, Ghidra and OllyDBG plugins.
  ☆1,510Feb 20, 2026Updated last week
• med0x2e / SigFlip

  View on GitHub
  SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…
  ☆1,255Aug 27, 2023Updated 2 years ago
• TheWover / donut

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆4,462Jul 8, 2025Updated 7 months ago
• FULLSHADE / WindowsExploitationResources

  View on GitHub
  Resources for Windows exploit development
  ☆1,649Dec 20, 2021Updated 4 years ago