mal_unpack

Dynamic unpacker based on PE-sieve.
It deploys a packed malware, waits for it to unpack the payload, dumps the payload, and kills the original process.

📖 Read more on PE-sieve's Wiki.

Usage

mal_unpack.exe /exe <path_to_the_malware> /timeout <timeout: ms>

WARNING: This unpacker deploys the original malware. Use it only on a VirtualMachine.

ℹ For the best performance, install MalUnpackCompanion driver.

ℹ Check also the python wrapper: MalUnpack Runner

ℹ Check the python Library: MalUnpack Lib

Clone

Use recursive clone to get the repo together with submodules:

git clone --recursive https://github.com/hasherezade/mal_unpack.git

Builds

Download the latest release.

Name		Name	Last commit message	Last commit date
Latest commit History 365 Commits
paramkit @ 58cb95f		paramkit @ 58cb95f
pe-sieve @ 5769040		pe-sieve @ 5769040
util		util
.appveyor.yml		.appveyor.yml
.gitignore		.gitignore
.gitmodules		.gitmodules
CMakeLists.txt		CMakeLists.txt
LICENSE		LICENSE
README.md		README.md
driver_comm.cpp		driver_comm.cpp
driver_comm.h		driver_comm.h
main.cpp		main.cpp
mal_unpack_res.rc		mal_unpack_res.rc
mal_unpack_ver.h		mal_unpack_ver.h
ntddk.h		ntddk.h
params.h		params.h
unpack_dir.bat		unpack_dir.bat
unpack_scanner.cpp		unpack_scanner.cpp
unpack_scanner.h		unpack_scanner.h

License

fengjixuchui/mal_unpack

Folders and files

Latest commit

History

Repository files navigation

mal_unpack

Usage

Clone

Builds

About

Resources

License

Stars

Watchers

Forks

Languages