unpacker is a WinAppDbg script to automate malware unpacking.

Features :
+ Detects certain unpacking behaviour (but not all)
  - Determines original entry point
  - Determines jump point to original entry point
  - Dumps unpacked code to a file
  - Attempts to find unpacking loop
+ Dumps memory decrypted by CryptDecrypt()
+ Dumps memory decompressed by RtlDecompressBuffer()
+ Attempts to detect process hollowing
  - Dumps injected memory blocks to a file
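The two "dumps memory decrypted/decompressed by ..." features above rest on one WinAppDbg idiom: declare the API in the handler's apiHooks table, save the output-pointer arguments in the pre_ hook, and read the buffer back in the post_ hook once the call has returned. The script below is an added example written for this page, not unpacker's own code; the handler and function names, the "dumps" output directory and the FakeProcess/FakeEvent stand-ins used to replay a constructed CryptDecrypt() call offline are assumptions. It covers both CryptDecrypt() (decrypts pbData in place, plaintext length in *pdwDataLen) and RtlDecompressBuffer() (output in UncompressedBuffer, real length in *FinalUncompressedSize):

```python
import os
import struct

try:
    from winappdbg import Debug, EventHandler   # real debugger, Windows only
except ImportError:                              # keep the dump logic importable elsewhere
    Debug = None
    EventHandler = object

DUMP_DIR = "dumps"   # assumed output directory for this example


def _key(event):
    """Hook calls are matched pre->post per thread of the debuggee."""
    return (event.get_pid(), event.get_tid())


def write_dump(api, pid, address, data):
    """Write one captured buffer to DUMP_DIR and return its path."""
    if not os.path.isdir(DUMP_DIR):
        os.makedirs(DUMP_DIR)
    path = os.path.join(DUMP_DIR, "%s_pid%d_%08x_%d.bin" % (api, pid, address, len(data)))
    with open(path, "wb") as f:
        f.write(data)
    return path


class DumpHooks(EventHandler):
    """WinAppDbg calls pre_<Name>(event, ra, *args) before the API runs and
    post_<Name>(event, retval) after it. The output buffer is only valid in
    the post hook, so the pointer arguments are parked per thread in between."""
    apiHooks = {
        "advapi32.dll": [("CryptDecrypt", 6)],          # (name, number of parameters)
        "ntdll.dll":    [("RtlDecompressBuffer", 6)],
    }

    def __init__(self):
        super(DumpHooks, self).__init__()
        self.pending = {}   # (pid, tid) -> (api, output buffer, pointer to output length)
        self.dumps = []     # (api, address, path) for every file written

    # BOOL CryptDecrypt(hKey, hHash, Final, dwFlags, pbData, pdwDataLen)
    def pre_CryptDecrypt(self, event, ra, hKey, hHash, Final, dwFlags, pbData, pdwDataLen):
        self.pending[_key(event)] = ("CryptDecrypt", pbData, pdwDataLen)

    def post_CryptDecrypt(self, event, retval):
        return self._finish(event, ok=(retval != 0))   # BOOL: non-zero means success

    # NTSTATUS RtlDecompressBuffer(CompressionFormat, UncompressedBuffer,
    #   UncompressedBufferSize, CompressedBuffer, CompressedBufferSize, FinalUncompressedSize)
    def pre_RtlDecompressBuffer(self, event, ra, fmt, out_buf, out_size,
                                in_buf, in_size, final_size_ptr):
        self.pending[_key(event)] = ("RtlDecompressBuffer", out_buf, final_size_ptr)

    def post_RtlDecompressBuffer(self, event, retval):
        return self._finish(event, ok=(retval == 0))   # STATUS_SUCCESS

    def _finish(self, event, ok):
        entry = self.pending.pop(_key(event), None)
        if entry is None or not ok:       # failed call: nothing useful in the buffer
            return None
        api, buf, size_ptr = entry
        process = event.get_process()
        size = process.read_dword(size_ptr)   # length the API wrote back
        if size == 0:
            return None
        path = write_dump(api, event.get_pid(), buf, process.read(buf, size))
        self.dumps.append((api, buf, path))
        return path


class FakeProcess(object):
    """Stand-in for WinAppDbg's Process exposing only read()/read_dword()."""
    def __init__(self, memory):
        self.memory = memory   # {address: bytes}, constructed for the demo

    def read(self, address, size):
        return self.memory[address][:size]

    def read_dword(self, address):
        return struct.unpack("<I", self.memory[address][:4])[0]


class FakeEvent(object):
    def __init__(self, process, pid=1234, tid=5678):
        self._process, self._pid, self._tid = process, pid, tid

    def get_process(self): return self._process
    def get_pid(self): return self._pid
    def get_tid(self): return self._tid


def demo(retval=1):
    """Replay a constructed CryptDecrypt() call that 'decrypted' 5 bytes at
    0x1000 and stored the length 5 at 0x2000; returns the dumped bytes, or
    None when the call is replayed as failed (retval == 0)."""
    mem = {0x1000: b"MZ\x90\x00\x03" + b"\x00" * 11, 0x2000: struct.pack("<I", 5)}
    handler = DumpHooks()
    event = FakeEvent(FakeProcess(mem))
    handler.pre_CryptDecrypt(event, 0x401000, 1, 0, 1, 0, 0x1000, 0x2000)
    path = handler.post_CryptDecrypt(event, retval)
    if path is None:
        return None
    with open(path, "rb") as f:
        return f.read()


if __name__ == "__main__":   # real run: python this_script.py <sample.exe> [args]
    import sys
    with Debug(DumpHooks(), bKillOnExit=True) as debug:
        debug.execv(sys.argv[1:])
        debug.loop()
```

Hooking by parameter count rather than by prototype keeps the table short, but it means the arguments arrive as raw integers; the post hook must therefore read the length back from the pointer rather than trusting the size passed in, which for CryptDecrypt() is the ciphertext length and for RtlDecompressBuffer() is only the capacity of the output buffer.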

Latest Change 11/8/2015 unpack.py :
- Clean up to publish. Published as 'Beyond Automated Unpacking: Extracting Decrypted/Decompressed Memory Blocks'

Script :

Source : https://github.com/malwaremusings