packing-box/awesome-executable-packing external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

packing-box/awesome-executable-packing

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/packing-box/awesome-executable-packing)

Close

packing-box / awesome-executable-packingView on GitHubMore

• External links
• Readme badge

A curated list of awesome resources related to executable packing

☆1,548Feb 14, 2026Updated last month

Alternatives and similar repositories for awesome-executable-packing

Users that are interested in awesome-executable-packing are comparing it to the libraries listed below

• hasherezade / tiny_tracer

  View on GitHub
  A Pin Tool for tracing API calls etc
  ☆1,634Feb 8, 2026Updated last month
• phra / PEzor

  View on GitHub
  Open-Source Shellcode & PE Packer
  ☆2,080Feb 3, 2024Updated 2 years ago
• hasherezade / mal_unpack

  View on GitHub
  Dynamic unpacker based on PE-sieve
  ☆797Sep 13, 2025Updated 6 months ago
• unipacker / unipacker

  View on GitHub
  Automatic and platform-independent unpacker for Windows binaries based on emulation
  ☆743Aug 18, 2025Updated 7 months ago
• mrexodia / dumpulator

  View on GitHub
  An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen…
  ☆857Feb 2, 2024Updated 2 years ago
• ayoubfaouzi / al-khaser

  View on GitHub
  Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
  ☆6,885Mar 1, 2026Updated 2 weeks ago
• frank2 / packer-tutorial

  View on GitHub
  A tutorial on how to write a packer for Windows!
  ☆312Dec 15, 2023Updated 2 years ago
• JonathanSalwan / VMProtect-devirtualization

  View on GitHub
  Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.
  ☆1,399Jun 11, 2022Updated 3 years ago
• d35ha / CallObfuscator

  View on GitHub
  Obfuscate specific windows apis with different apis
  ☆1,022Feb 21, 2021Updated 5 years ago
• Idov31 / Nidhogg

  View on GitHub
  Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
  ☆2,280Feb 15, 2026Updated last month
• hasherezade / pe-sieve

  View on GitHub
  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…
  ☆3,576Oct 31, 2025Updated 4 months ago
• mgeeky / ThreadStackSpoofer

  View on GitHub
  Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…
  ☆1,203Jun 17, 2022Updated 3 years ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆686Mar 11, 2024Updated 2 years ago
• EgeBalci / amber

  View on GitHub
  Reflective PE packer.
  ☆1,408Feb 22, 2024Updated 2 years ago
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,793Aug 30, 2024Updated last year
• hasherezade / process_overwriting

  View on GitHub
  Yet another variant of Process Hollowing
  ☆460Jul 31, 2025Updated 7 months ago
• czs108 / Windows-PE-Packer

  View on GitHub
  🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engine…
  ☆355Oct 22, 2024Updated last year
• jthuraisamy / SysWhispers

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,999Jan 1, 2023Updated 3 years ago
• Cr4sh / MicroBackdoor

  View on GitHub
  Small and convenient C2 tool for Windows targets
  ☆613Mar 8, 2022Updated 4 years ago
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆581Mar 8, 2024Updated 2 years ago
• mandiant / speakeasy

  View on GitHub
  Windows kernel and user mode emulation.
  ☆1,896Mar 12, 2026Updated last week
• rootkit-io / awesome-malware-development

  View on GitHub
  Organized list of my malware development resources
  ☆1,703May 16, 2022Updated 3 years ago
• scrt / avcleaner

  View on GitHub
  C/C++ source obfuscator for antivirus bypass
  ☆1,065Mar 10, 2022Updated 4 years ago
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆374May 24, 2022Updated 3 years ago
• weak1337 / Alcatraz

  View on GitHub
  x64 binary obfuscator
  ☆1,960Jul 14, 2023Updated 2 years ago
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,340Mar 7, 2026Updated 2 weeks ago
• hasherezade / pe_to_shellcode

  View on GitHub
  Converts PE into a shellcode
  ☆2,752Aug 30, 2025Updated 6 months ago
• Dump-GUY / Malware-analysis-and-Reverse-engineering

  View on GitHub
  Some of my publicly available Malware analysis and Reverse engineering.
  ☆940Jun 3, 2024Updated last year
• hasherezade / hollows_hunter

  View on GitHub
  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…
  ☆2,319Oct 31, 2025Updated 4 months ago
• fr0gger / awesome-ida-x64-olly-plugin

  View on GitHub
  A curated list of IDA x64DBG, Ghidra and OllyDBG plugins.
  ☆1,535Feb 20, 2026Updated last month
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,307Mar 21, 2025Updated last year
• med0x2e / SigFlip

  View on GitHub
  SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…
  ☆1,260Aug 27, 2023Updated 2 years ago
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,601Jul 31, 2024Updated last year
• monoxgas / sRDI

  View on GitHub
  Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
  ☆2,511Nov 15, 2023Updated 2 years ago
• gmh5225 / awesome-llvm-security

  View on GitHub
  awesome llvm security [Welcome to PR]
  ☆800Mar 13, 2026Updated last week
• HyperDbg / HyperDbg

  View on GitHub
  State-of-the-art native debugging tools
  ☆3,685Updated this week
• RedTeamOperations / Advanced-Process-Injection-Workshop

  View on GitHub
  ☆777Oct 17, 2023Updated 2 years ago
• ethereal-vx / Antivirus-Artifacts

  View on GitHub
  Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
  ☆756Nov 16, 2021Updated 4 years ago
• Cracked5pider / KaynLdr

  View on GitHub
  KaynLdr is a Reflective Loader written in C/ASM
  ☆553Dec 3, 2023Updated 2 years ago