Submitting Files

Once you have activated your UnpacMe account and signed in you can begin submitting files for analysis. Supported Files Unpacme supports both 32-bit and 64-bit PE files. The maximum file size is 100MB. ZIP Files PE files can be submitted in a ZIP file if desired. The ZIP file must


Binary unpacking is the process of extracting embedded data from a file to analyze its contents or to reverse engineer the program. Our unpacking process employs a series of recursive static and dynamic unpackers to handle various types of packed files, followed by a classifier that determines the process halt

File Analysis

Both Parent files and Children are processed through a series of static analysis modules used to exact information from the file. The full analysis results for each file can be displayed by clicking the title bar in the file window on the Results page. The collapsed view of the window


The analysis Insights window provides a summary overview of the Parent and all its unpacked Children. This is intended to give the analyst quick insight into the threat level of the submission and any identified malware families. Classification The Classification of the sample is determined based on an amalgamation of


SourceIntel is an UnpacMe open source intelligence (OSINT) enrichment service that collects technical and contextual information about binaries observed in the wild. Primary source collection is obtained via web crawlers, social media monitoring, botnet emulators, and passive collection sources such as honeypots and spam traps. For each submission to UnpacMe

Malware Configuration

UnpacMe maintains a framework of malware configuration extractors used to extract information from known malware families such as the command and control (C2) addresses, cryptographic keys, and other settings used to control the behaviour of the malware. Malware Config Overview During analyst multiple malware configs may be extracted depending on

Indicators of Compromise (IOCs)

IOCs extracted from the Parent and Children are displayed in the IOCs window at the top of the Results page. IOCs provide quick information that can be ingested into a Security information and event management (SIEM) to proactively hunt for and protect against threats in the enterprise.


According to MITRE, ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Techniques represent the 'how' an adversary achieves a tactical goal by performing an action, while tactics represent the "why" of a technique. Techniques are grouped by

Need help?

Have you any question which is not answered in this knowledge base? Contact us. We are here to help you.

You've successfully subscribed to UnpacMe Support
Great! Next, complete checkout for full access to UnpacMe Support
Welcome back! You've successfully signed in.
Unable to sign you in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.