Dynamic unpacker based on PE-sieve.
It deploys a packed malware sample, waits for it to unpack its payload, dumps the payload, and kills the original process.
📖 Read more on PE-sieve's Wiki.
mal_unpack.exe /exe <path_to_the_malware> /timeout <timeout: ms>
WARNING: This unpacker deploys the original malware. Use it only on a virtual machine.
ℹ For the best performance, install the MalUnpackCompanion driver.
ℹ See also the Python wrapper: MalUnpack Runner
ℹ See also the Python library: MalUnpack Lib
Use a recursive clone to get the repo together with its submodules:
git clone --recursive https://github.com/hasherezade/mal_unpack.git
Download the latest release.