Unpacking

MalUnpack

Dynamic unpacker based on PE-sieve. It deploys a packed malware, waits for it to unpack the payload, dumps the payload, and kills the original process. Open a Command Prompt and type:

mal_unpack /help

NoVmp

Devirtualizer for VMProtect unpacked binaries. Open a Command Prompt and type:

novmp <your_vmp_unpacked_binary.exe>

QuickUnpack

This is a program that helps with the unpacking of many, many different packers and protectors using different methods. It's a hard to find jewel.

For best results make sure the architecture (32 or 64-bits) of QuickUnpack binary, the target binary and the Windows OS match.

UPX

Classic, still used (mainly by IoT malware writers with a few modifications) packer that supports both PE and ELF formats. Open a Command Prompt and type:

upx -h

The upx command is added to PATH variable (unless you unchecked this option when installing retoolkit) so you can call it from anywhere in Windows from Command Prompt or PowerShell prompt.

XVolkolak

Similarly to QuickUnpack, this tool also knows how to unpack targets automatically. However, it's more up to date.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Unpacking

MalUnpack

NoVmp

QuickUnpack

UPX

XVolkolak

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally