Analysis

Submitting Files

Once you have activated your UnpacMe account and signed in, you can begin submitting files for analysis. Supported Files UnpacMe supports both 32-bit and 64-bit PE files. The maximum file size is 100MB. ZIP Files PE files can be submitted in a ZIP file if desired. The ZIP file must

Unpacking

Binary unpacking is the process of extracting embedded data from a file to analyze its contents or to reverse engineer the program. Our unpacking process employs a series of recursive static and dynamic unpackers to handle various types of packed files, followed by a classifier that determines the process halt

File Analysis

Both Parent files and Children are processed through a series of static analysis modules used to extract information from the file. The full analysis results for each file can be displayed by clicking the title bar in the file window on the Results page. The collapsed view of the window

Insights

The analysis Insights window provides a summary overview of the Parent and all its unpacked Children. This is intended to give the analyst quick insight into the threat level of the submission and any identified malware families. Classification The Classification of the sample is determined based on an amalgamation of

SourceIntel

SourceIntel is an UnpacMe open source intelligence (OSINT) enrichment service that collects technical and contextual information about binaries observed in the wild. Primary source collection is obtained via web crawlers, social media monitoring, botnet emulators, and passive collection sources such as honeypots and spam traps. For each submission to UnpacMe

Malware Configuration

UnpacMe maintains a framework of malware configuration extractors used to extract information from known malware families, such as the command and control (C2) addresses, cryptographic keys, and other settings used to control the behaviour of the malware. Malware Config Overview During analysis multiple malware configs may be extracted depending on

Indicators of Compromise (IOCs)

IOCs extracted from the Parent and Children are displayed in the IOCs window at the top of the Results page. IOCs provide quick information that can be ingested into a Security Information and Event Management (SIEM) system to proactively hunt for and protect against threats in the enterprise.

MITRE ATT&CK

According to MITRE, ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Techniques represent "how" an adversary achieves a tactical goal by performing an action, while tactics represent the "why" of a technique. Techniques are grouped by

Need help?

Do you have a question that is not answered in this knowledge base? Contact us. We are here to help.
