sandfly-entropyscan: detect packed or encrypted binaries related to malware


sandfly-entropyscan is a utility that quickly scans files or running processes and reports their entropy (a measure of randomness) and whether they are Linux/Unix ELF executables. Some Linux malware is packed or encrypted and therefore shows very high entropy. The tool can quickly find high-entropy executable files and processes, which are often malicious.
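
To make the idea concrete, here is an added example in Go (not sandfly-entropyscan's own source) that computes Shannon entropy in bits per byte and combines it with an ELF magic check. The 7.7 threshold, the function names and the sample buffers are assumptions constructed for this illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"math"
)

const Threshold = 7.7 // assumed cut-off in bits per byte (maximum is 8.0)

// Entropy returns the Shannon entropy of data in bits per byte.
func Entropy(data []byte) float64 {
	var counts [256]int
	for _, b := range data {
		counts[b]++
	}
	h, n := 0.0, float64(len(data))
	for _, c := range counts {
		if p := float64(c) / n; c > 0 {
			h -= p * math.Log2(p)
		}
	}
	return h
}

// IsELF reports whether data starts with the ELF magic bytes 0x7f 'E' 'L' 'F'.
func IsELF(data []byte) bool {
	return bytes.HasPrefix(data, []byte("\x7fELF"))
}

// Suspicious flags ELF content only, so high-entropy archives are not reported.
func Suspicious(data []byte) bool {
	return IsELF(data) && Entropy(data) >= Threshold
}

// Sample builds constructed data: uniform (packed-like) or zero bytes after header.
func Sample(header string, uniform bool) []byte {
	buf := make([]byte, 4096)
	for i := 0; uniform && i < len(buf); i++ {
		buf[i] = byte(i)
	}
	copy(buf, header)
	return buf
}

func main() {
	for _, s := range [][]byte{Sample("\x7fELF", true), Sample("\x7fELF", false), Sample("PK\x03\x04", true)} {
		fmt.Printf("elf=%v entropy=%.2f suspicious=%v\n", IsELF(s), Entropy(s), Suspicious(s))
	}
}
```

The third sample carries a ZIP-style header: compressed data is also near the 8.0 maximum, which is why the entropy reading is only meaningful alongside the ELF check.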
