-
Notifications
You must be signed in to change notification settings - Fork 500
Unpacking
Fernando Mercês edited this page Mar 15, 2021
·
4 revisions
VMProtect devirtualizer.
This is a program that helps with the unpacking of many, many different packers and protectors using different methods. It's a hard to find jewel.
For best results make sure the architecture (32 or 64-bits) of QuickUnpack binary, the target binary and the Windows OS match.
Classic, still used (mainly by IoT malware writers with a few modifications) packer that supports both PE and ELF formats.
The
upxcommand is added toPATHvariable (unless you unchecked this option when installing retoolkit) so you can call it from anywhere in Windows from Command Prompt or PowerShell prompt.
Similarly to QuickUnpack, this tool also knows how to unpack targets automatically. However, it's more up to date.