Noticed some inconsistencies with DiE being able to identify that a packed executable is actually packed when the executable was specifically packed using Amber. It also doesn't seem to be able to identify that Amber is the packer being used at all, but that is less of an issue for me than being able to ID whether the executable is packed or not.
I ran 12 tests with various Amber-packed Windows PEs. 8 came back with positive identifications of the executable being packed, 4 did not. One thing to note is that originally I thought it was the size of the executable that was causing the problem, but I ruled that out since it was able to detect strings.exe was packed (approx 320KiB) but not cmd.exe (approx 471KiB).
I used both DiE and NFD engines for testing with no discernible changes between the results of the two.
Here are some screenshots of GUI results for strings.exe and cmd.exe from both NFD and DiE engines: