zipExec_unpack

A simple unpacking tool for the zipExec Crypter by Tylous. Since this Crypter will likely be used for malicious purposes sooner rather than later, I chose to write this unpacking script and a matching Yara rule to detect the usage of zipExec. The samples in test-files/ are crypted versions of the Windows Calculator application calc.exe.

Usage

go run zipExec_unpack.go path/to/sample.js
