{"id":17983391,"url":"https://github.com/hasherezade/mal_unpack","last_synced_at":"2025-05-15T11:04:41.099Z","repository":{"id":37470588,"uuid":"140192103","full_name":"hasherezade/mal_unpack","owner":"hasherezade","description":"Dynamic unpacker based on PE-sieve","archived":false,"fork":false,"pushed_at":"2025-03-16T16:00:40.000Z","size":1004,"stargazers_count":720,"open_issues_count":1,"forks_count":71,"subscribers_count":28,"default_branch":"master","last_synced_at":"2025-04-07T13:01:47.403Z","etag":null,"topics":["libpeconv","malware-analysis","malware-unpacker","memory-forensics","pe-sieve"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hasherezade.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-07-08T18:24:00.000Z","updated_at":"2025-04-03T05:33:19.000Z","dependencies_parsed_at":"2023-11-10T21:25:39.613Z","dependency_job_id":"c26c31d5-19b0-4ebd-80de-497f575bbf7b","html_url":"https://github.com/hasherezade/mal_unpack","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fmal_unpack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fmal_unpack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fmal_unpack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fmal_unpack/manifests","owner_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/owners/hasherezade","download_url":"https://codeload.github.com/hasherezade/mal_unpack/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248933340,"owners_count":21185460,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["libpeconv","malware-analysis","malware-unpacker","memory-forensics","pe-sieve"],"created_at":"2024-10-29T18:17:07.181Z","updated_at":"2025-04-14T18:10:21.840Z","avatar_url":"https://github.com/hasherezade.png","language":"C","readme":"# mal_unpack\n\n[![Build status](https://ci.appveyor.com/api/projects/status/3cqqlah6unfhasik?svg=true)](https://ci.appveyor.com/project/hasherezade/mal-unpack)\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/fedbe124aa694761907bbe51bfc8d6f9)](https://app.codacy.com/gh/hasherezade/mal_unpack/dashboard?branch=master)\n[![Commit activity](https://img.shields.io/github/commit-activity/m/hasherezade/mal_unpack)](https://github.com/hasherezade/mal_unpack/commits)\n[![Last Commit](https://img.shields.io/github/last-commit/hasherezade/mal_unpack/master)](https://github.com/hasherezade/mal_unpack/commits)\n\n[![GitHub release](https://img.shields.io/github/release/hasherezade/mal_unpack.svg)](https://github.com/hasherezade/mal_unpack/releases)\n[![GitHub release date](https://img.shields.io/github/release-date/hasherezade/mal_unpack?color=blue)](https://github.com/hasherezade/mal_unpack/releases)\n[![Github All 
Releases](https://img.shields.io/github/downloads/hasherezade/mal_unpack/total.svg)](https://github.com/hasherezade/mal_unpack/releases)\n[![Github Latest Release](https://img.shields.io/github/downloads/hasherezade/mal_unpack/latest/total.svg)](https://github.com/hasherezade/mal_unpack/releases)\n\n[![License](https://img.shields.io/badge/License-BSD%202--Clause-blue.svg)](https://github.com/hasherezade/mal_unpack/blob/master/LICENSE)\n[![Platform Badge](https://img.shields.io/badge/Windows-0078D6?logo=windows)](https://github.com/hasherezade/mal_unpack)\n\nDynamic unpacker based on [PE-sieve](https://github.com/hasherezade/pe-sieve.git) ( 📖  [Read more](https://github.com/hasherezade/pe-sieve/wiki/1.-FAQ#pe-sieve-vs-malunpack---what-is-the-difference) ).\n\nIt deploys packed malware, waits for it to unpack the payload, dumps the payload, and kills the original process.\n\n\u003e [!CAUTION]  \n\u003e This unpacker deploys the original malware. Use it only on a virtual machine.\n\n## ⚙ Usage\n\nBasic usage:\n\n```console\nmal_unpack.exe /exe \u003cpath_to_the_malware\u003e /timeout \u003ctimeout: ms\u003e\n```\n\n+  By default, it dumps implanted PEs.\n+  If you want to dump shellcodes, use the option: [`/shellc`](https://github.com/hasherezade/pe-sieve/wiki/4.1.-Detect-shellcodes-(shellc)).\n+  If you want to dump modified/hooked/patched PEs, use the option `/hooks`.\n+  If you want the unpacker to terminate on timeout, rather than on the first found implant, use `/trigger T`.\n\n\u003e [!IMPORTANT]  \n\u003e The available arguments are documented on the [Wiki](https://github.com/hasherezade/pe-sieve/wiki). 
They can also be listed using the argument `/help`.\n\n## 🛠 Helpers and utilities\n\n+  For the best performance, install the [MalUnpackCompanion driver](https://github.com/hasherezade/mal_unpack_drv).\n+  See also the Python wrapper: [MalUnpack Runner](https://github.com/hasherezade/mal_unpack_py/tree/master/runner)\n+  See also the Python library: [MalUnpack Lib](https://github.com/hasherezade/mal_unpack_py/tree/master/mal_unpack_lib)\n\n## Clone\n\nUse **recursive clone** to get the repo together with submodules:\n\n```console\ngit clone --recursive https://github.com/hasherezade/mal_unpack.git\n```\n\n## Builds\n\nDownload the latest [release](https://github.com/hasherezade/mal_unpack/releases).\n","funding_links":[],"categories":[":wrench: Tools","🔧 Packages"],"sub_categories":["Before 2000","⚡ Unpacking"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasherezade%2Fmal_unpack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhasherezade%2Fmal_unpack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasherezade%2Fmal_unpack/lists"}