packer

Pack, unpack, and bundle PE/ELF payloads with the SGN+LZ4 stub.

Source: cmd/packer/ · godoc: pkg.go.dev/…/cmd/packer Audience: operator · Platforms: Windows + Linux output, builds on any host

Synopsis

packer pack    -in <file> -out <file> -format <blob|windows-exe|linux-elf> [options]
packer unpack  -in <file> -out <file> -key <hex32>
packer bundle  -out <file> -pl <file>:<vendor>:<min>-<max> [-pl ...] [-fallback exit|crash|first]
packer bundle  -wrap <launcher> -bundle <blob> -out <exe>

Subcommands

pack

Wraps pe/packer.PackBinary. Produces a runnable binary that decrypts and executes the original payload in-memory.

unpack

Inverse of pack -format blob. Reads the blob, decrypts with -key, writes the original payload to -out.

bundle

Multi-target dispatch — one blob holds N payloads, each matched by CPUID vendor + Windows build range at runtime.

-pl <file>:<vendor>:<min>-<max>     # vendor: intel | amd | *   range: <num>-<num> or *-*
-fallback exit|crash|first          # behaviour when no entry matches

Wrap into a runnable executable via -wrap <bundle-launcher.exe>.

Build

go build -o packer ./cmd/packer

Examples

# Pack a Windows EXE with anti-debug + compression
packer pack -in implant.exe -out packed.exe -format windows-exe \
  -compress -antidebug -randomize

# Build a CPU-aware bundle dispatching by vendor
packer bundle -out app.bin \
  -pl payload-intel.exe:intel:22000-99999 \
  -pl payload-amd.exe:amd:22000-99999

# Wrap the bundle inside the launcher
packer bundle -wrap bundle-launcher.exe -bundle app.bin -out app.exe

See also

• Technique: pe/packer.
• Runbook: Defender catch on dropper.
• Companion tool: bundle-launcher.