
Determines whether an executable is packed or not packed using the entropy difference method.

Primary language: Python

# skEntropy

#### Introduction

The name of the tool is skEntropy (ScanEntropy). It is designed to determine whether an executable is packed or not packed using the entropy difference method.

#### Usage

```
skEntropy.py -f filename
skEntropy.py -h
skEntropy.py -f filename --dump
```

#### Working

The tool takes a file as input and uses a feature set-reduction method to calculate the entropy of the file. The file is then encrypted with AES and the entropy of the encrypted file is calculated. The difference between the first and second entropy is computed, and all three values (first entropy, second entropy and the entropy difference) are fed to a K-nearest neighbour classifier [KNN/IBk]. The KNN classifier uses 869 known labelled samples to decide whether the executable is packed or not packed.
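The pipeline described above, as an added illustration that is not skEntropy's own code: Shannon entropy of the input, entropy of its "encrypted" form, the difference, and a plain k-nearest-neighbour vote. The AES step is stood in by seeded uniform pseudo-random bytes (assumption: good ciphertext is statistically uniform, so only its entropy matters here), and `TRAINING` is a six-row constructed stand-in for the tool's 869 labelled samples.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for an empty or constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def entropy_features(plain: bytes, cipher: bytes) -> tuple:
    """The three KNN inputs the README names: H(plain), H(cipher) and their difference."""
    h1, h2 = shannon_entropy(plain), shannon_entropy(cipher)
    return (h1, h2, h2 - h1)

def knn_classify(features: tuple, training: list, k: int = 3) -> str:
    """Majority vote of the k nearest labelled feature vectors (Euclidean distance)."""
    nearest = sorted(training, key=lambda row: math.dist(row[0], features))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

# Constructed stand-in for the tool's 869 labelled samples. Packed files already sit near
# 8 bits/byte, so encryption barely raises their entropy; plain code/data gains several bits.
TRAINING = [
    ((7.95, 7.98, 0.03), "packed"), ((7.80, 7.97, 0.17), "packed"), ((7.60, 7.96, 0.36), "packed"),
    ((4.90, 7.97, 3.07), "not packed"), ((5.60, 7.98, 2.38), "not packed"), ((6.30, 7.96, 1.66), "not packed"),
]

def pseudo_ciphertext(length: int, seed: int) -> bytes:
    """Seeded uniform bytes standing in for the AES step (assumption: ciphertext of a sound
    cipher is statistically uniform, so its entropy, not the key or mode, is what matters)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))

def demo() -> dict:
    """Classify two constructed file bodies; returns {name: label}."""
    low_entropy_body = b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 50 + b"\x00" * 4096
    high_entropy_body = pseudo_ciphertext(8192, seed=7)  # compressed/packed-looking payload
    results = {}
    for name, body in (("low_entropy_body", low_entropy_body), ("high_entropy_body", high_entropy_body)):
        feats = entropy_features(body, pseudo_ciphertext(len(body), seed=42))
        results[name] = knn_classify(feats, TRAINING)
    return results

if __name__ == "__main__":
    print(demo())
```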

#### Scope

Currently the tool supports PE executables.

#### Additional resources

pefile: this module is used to navigate the PE executable file.