In order to cover as many packing techniques as possible UNPACME use multiple unpacking processes. Some of these processes are unable to reconstruct a working PE payload from the data they extract. However, all returned payloads should be loadable in a disassembler such as IDA, and be an accurate enough representation of the malware to allow static analysis.

We are are continuously working to improve these processes so they deliver working PE files. You can help by flagging corrupted payloads for further analysis, a feature that is available to users who have registered for our private research services.