hasherezade / mal_unpack

Dynamic unpacker based on PE-sieve
BSD 2-Clause "Simplified" License
libpeconv malware-analysis malware-unpacker memory-forensics pe-sieve

mal_unpack


Dynamic unpacker based on PE-sieve.
It deploys a packed malware sample, waits for it to unpack the payload, dumps the payload, and kills the original process.

📖 Read more on PE-sieve's Wiki.

Usage

mal_unpack.exe /exe <path_to_the_malware> /timeout <timeout: ms>

WARNING: This unpacker deploys the original malware. Use it only on a virtual machine.

ℹ For the best performance, install the MalUnpackCompanion driver.

ℹ See also the Python wrapper: MalUnpack Runner

ℹ See also the Python library: MalUnpack Lib

Clone

Use recursive clone to get the repo together with submodules:

git clone --recursive https://github.com/hasherezade/mal_unpack.git

Builds

Download the latest release.