Glossary
Entropy
A measure of randomness in binary data — high entropy in a section indicates compression or encryption, a hallmark of packed malware.
Entropy in the context of binary analysis is Shannon entropy: a value in bits per byte between 0 (every byte identical, e.g. all null bytes) and 8 (maximally random) that quantifies the randomness of a byte sequence. Compressed or encrypted data approaches entropy 8, while plain code and text typically score 5–6. A PE-format binary with a section whose entropy exceeds ~7.2 is almost certainly packed or encrypted. Entropy scanning is a fast static analysis heuristic used by YARA rules and malware scanners to flag suspicious files without needing to decode the payload.
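A per-section entropy check of the kind described above, as an added example that is not part of the original glossary or of any particular scanner. The sample is a constructed PE-shaped blob (not a loadable file), the section name `.pack` and the helper names are hypothetical, and the threshold is the ~7.2 figure from this entry.

```python
import hashlib
import math
import struct
from collections import Counter

THRESHOLD = 7.2  # the ~7.2 cut-off quoted in this entry

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 (one repeated value) up to 8.0."""
    if not data:  # a section may have no raw data on disk
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def section_entropies(pe: bytes) -> dict:
    """Map each PE section name to the entropy of its raw data."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                         # first section header
    out = {}
    for i in range(count):
        off = table + 40 * i                                 # headers are 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        out[name] = shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])
    return out

def flag_sections(pe: bytes, threshold: float = THRESHOLD) -> list:
    """Names of sections whose entropy exceeds the threshold."""
    return [n for n, h in section_entropies(pe).items() if h > threshold]

def build_sample() -> bytes:
    """Constructed input: minimal headers plus one plain and one random-looking section."""
    code = b"\x55\x8b\xec\x90" * 256  # four byte values, entropy exactly 2.0
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    headers, offset = b"", 0x40 + 24 + 2 * 40
    for name, body in ((b".text", code), (b".pack", blob)):
        headers += struct.pack("<8sIIII16x", name, len(body), 0, len(body), offset)
        offset += len(body)
    return dos + coff + headers + code + blob
```

Calling `flag_sections(build_sample())` reports only the hash-filled section; a flagged section is a prompt for unpacking or closer review, since legitimately compressed resources also score high.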