This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 2.4 of Fundamentals of Malware Analysis
Shannon entropy as a packing and encryption detector — entropy ranges, per-section interpretation, the VirtualSize vs SizeOfRawData trick, and reading entropy output from PEStudio and DIE.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quick Bite
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
PEStudio — PE Static Analysis Tool
Free PE analysis tool that displays per-section entropy, imports, strings, and indicators. Install in your analysis VM.
Detect-It-Easy (DIE) — Packer and Compiler Identifier
Free tool that identifies packers, compilers, and protectors by signature matching. Displays entropy graphs per section.
REMA eBook 2026 — Chapter 2, Entropy Analysis
Read the full entropy comparison figures and packing indicators table in the REMA eBook.
Quadrant 4 · Self-Assessment
Fundamentals of Malware Analysis
Covers the analysis environment, PE file structure, static property examination, behavioural analysis, and dynamic code analysis of Windows executables.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.