Skip to content
/ zipExec_unpack Public

Unpacking tool for the zipExec Crypter

dissectingmalwa.re

License

GPL-3.0 license
13 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

f0wl/zipExec_unpack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
img
img
 
 
test-files
test-files
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
zipExec_unpack.go
zipExec_unpack.go
 
 

Repository files navigation

Go Report Card

zipExec_unpack

A simple unpacking tool for the zipExec Crypter by Tylous. Since this Crypter will likely be used for malicious purposes sooner rather than later I chose to write this unpacking script and a matching Yara rule to detect the usage of zipExec. The samples in test-files/ are crypted versions of the Windows Calculator applicationcalc.exe.

Usage

go run zipExec_unpack.go path/to/sample.js

Screenshot

Tool Screenshot

About

Unpacking tool for the zipExec Crypter

dissectingmalwa.re

Topics

reverse-engineering malware-analysis

Resources

Readme

License

GPL-3.0 license
Activity

Stars

13 stars

Watchers

2 watching

Forks

5 forks
Report repository

Languages