hasherezade/mal_unpack external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

hasherezade/mal_unpack

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/hasherezade/mal_unpack)

Close

hasherezade / mal_unpackView on GitHubMore

• External links
• Readme badge

Dynamic unpacker based on PE-sieve

☆796Sep 13, 2025Updated 5 months ago

Alternatives and similar repositories for mal_unpack

Users that are interested in mal_unpack are comparing it to the libraries listed below

• hasherezade / pe-sieve

  View on GitHub
  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…
  ☆3,562Oct 31, 2025Updated 4 months ago
• hasherezade / hollows_hunter

  View on GitHub
  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…
  ☆2,313Oct 31, 2025Updated 4 months ago
• hasherezade / mal_unpack_drv

  View on GitHub
  MalUnpack companion driver
  ☆99Jun 17, 2024Updated last year
• hasherezade / tiny_tracer

  View on GitHub
  A Pin Tool for tracing API calls etc
  ☆1,620Feb 8, 2026Updated 3 weeks ago
• mrexodia / dumpulator

  View on GitHub
  An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen…
  ☆855Feb 2, 2024Updated 2 years ago
• unipacker / unipacker

  View on GitHub
  Automatic and platform-independent unpacker for Windows binaries based on emulation
  ☆741Aug 18, 2025Updated 6 months ago
• forrest-orr / moneta

  View on GitHub
  Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
  ☆807Mar 16, 2024Updated last year
• OALabs / BlobRunner

  View on GitHub
  Quickly debug shellcode extracted during malware analysis
  ☆626May 23, 2023Updated 2 years ago
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,331Oct 31, 2025Updated 4 months ago
• mandiant / speakeasy

  View on GitHub
  Windows kernel and user mode emulation.
  ☆1,860Updated this week
• DissectMalware / XLMMacroDeobfuscator

  View on GitHub
  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  ☆585May 5, 2024Updated last year
• hasherezade / module_overloading

  View on GitHub
  A more stealthy variant of "DLL hollowing"
  ☆363Mar 8, 2024Updated last year
• hasherezade / pe_to_shellcode

  View on GitHub
  Converts PE into a shellcode
  ☆2,745Aug 30, 2025Updated 6 months ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆684Mar 11, 2024Updated last year
• c3rb3ru5d3d53c / binlex

  View on GitHub
  A Binary Genetic Traits Lexer Framework
  ☆523Updated this week
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆580Mar 8, 2024Updated last year
• mandiant / flare-floss

  View on GitHub
  FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
  ☆3,897Feb 23, 2026Updated last week
• hasherezade / bearparser

  View on GitHub
  Portable Executable parsing library (from PE-bear)
  ☆659Oct 4, 2025Updated 4 months ago
• hasherezade / process_overwriting

  View on GitHub
  Yet another variant of Process Hollowing
  ☆458Jul 31, 2025Updated 7 months ago
• 0xnobody / vmpdump

  View on GitHub
  A dynamic VMP dumper and import fixer, powered by VTIL.
  ☆1,327Nov 4, 2020Updated 5 years ago
• CERT-Polska / drakvuf-sandbox

  View on GitHub
  DRAKVUF Sandbox - automated hypervisor-level malware analysis system
  ☆1,269Updated this week
• mandiant / dncil

  View on GitHub
  The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.
  ☆171Feb 23, 2026Updated last week
• mandiant / capa

  View on GitHub
  The FLARE team's open-source tool to identify capabilities in executable files.
  ☆5,844Updated this week
• hasherezade / pe-bear

  View on GitHub
  Portable Executable reversing tool with a friendly GUI
  ☆3,489Nov 2, 2025Updated 4 months ago
• phra / PEzor

  View on GitHub
  Open-Source Shellcode & PE Packer
  ☆2,069Feb 3, 2024Updated 2 years ago
• hasherezade / pe-bear-releases

  View on GitHub
  PE-bear (builds only)
  ☆782Jun 4, 2023Updated 2 years ago
• hasherezade / dll_to_exe

  View on GitHub
  Converts a DLL into EXE
  ☆816Jul 23, 2023Updated 2 years ago
• Dump-GUY / Malware-analysis-and-Reverse-engineering

  View on GitHub
  Some of my publicly available Malware analysis and Reverse engineering.
  ☆936Jun 3, 2024Updated last year
• jthuraisamy / SysWhispers2

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,793Sep 3, 2022Updated 3 years ago
• hasherezade / malware_training_vol1

  View on GitHub
  Materials for Windows Malware Analysis training (volume 1)
  ☆2,028Jul 1, 2024Updated last year
• c3rb3ru5d3d53c / mwcfg

  View on GitHub
  A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck
  ☆131Nov 25, 2023Updated 2 years ago
• packing-box / awesome-executable-packing

  View on GitHub
  A curated list of awesome resources related to executable packing
  ☆1,542Feb 14, 2026Updated 2 weeks ago
• kevoreilly / CAPEv2

  View on GitHub
  Malware Configuration And Payload Extraction
  ☆3,031Updated this week
• ayoubfaouzi / al-khaser

  View on GitHub
  Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
  ☆6,861Feb 1, 2026Updated last month
• hasherezade / funky_malware_formats

  View on GitHub
  Parsers for custom malware formats ("Funky malware formats")
  ☆98Jan 8, 2022Updated 4 years ago
• fr0gger / awesome-ida-x64-olly-plugin

  View on GitHub
  A curated list of IDA x64DBG, Ghidra and OllyDBG plugins.
  ☆1,510Feb 20, 2026Updated last week
• monoxgas / sRDI

  View on GitHub
  Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
  ☆2,503Nov 15, 2023Updated 2 years ago
• binref / refinery

  View on GitHub
  High Octane Triage Analysis
  ☆820Updated this week
• mrphrazer / obfuscation_detection

  View on GitHub
  Binary Ninja plugin to identify obfuscated code and other interesting code constructs
  ☆650Mar 14, 2025Updated 11 months ago