17 Dec
2003
17 Dec
'03
11:17 p.m.
them. So far, the results have been consistent within 20%. EXE's show 3-4 entropy bits/byte, ZIP files show 6-7, and DLL's and text files show 1-2.
Hmm... EXEs have twice the average entropy of DLLs?? The structural difference between an EXE and a DLL is a single flag in the header. I suspect that either your sample inputs are highly non-representative or your algorithm for estimating entropy is badly flawed. regards, -Blake