Skip to content

Unpacking

Jump to bottom
merces edited this page May 30, 2023 · 4 revisions

MalUnpack

Dynamic unpacker based on PE-sieve. It deploys a packed malware, waits for it to unpack the payload, dumps the payload, and kills the original process.

NoVmp

Devirtualizer for VMProtect unpacked binaries. Open a Command Prompt and type:

novmp <your_vmp_unpacked_binary.exe>

QuickUnpack

This is a program that helps with the unpacking of many, many different packers and protectors using different methods. It's a hard to find jewel.

For best results make sure the architecture (32 or 64-bits) of QuickUnpack binary, the target binary and the Windows OS match.

UPX

Classic, still used (mainly by IoT malware writers with a few modifications) packer that supports both PE and ELF formats. Open a Command Prompt and type:

upx -h

The upx command is added to PATH variable (unless you unchecked this option when installing retoolkit) so you can call it from anywhere in Windows from Command Prompt or PowerShell prompt.

XVolkolak

Similarly to QuickUnpack, this tool also knows how to unpack targets automatically. However, it's more up to date.

Clone this wiki locally