Binary Unpacker

The unpacker supports Windows PE executables (.exe), DLL files (.dll), Android APKs, ELF Linux binaries, Python compiled executables (PyInstaller, cx_Freeze), and any installer format that 7z can read (NSIS, Inno Setup, CAB, RAR). Maximum file size is 100MB.

VMProtect, Themida, Enigma, and other commercial protectors cannot be automatically unpacked — they use virtualization and mutation that requires runtime execution to reverse. The unpacker will detect these protectors, generate a PE memory image, dump high-entropy sections, and extract any embedded payloads. Use Memory Dump mode for the most comprehensive output on these targets.

The ZIP contains everything extracted during analysis: unpacked binary, decompiled source files (for PyInstaller/cx_Freeze), PE memory image, embedded payload dumps, high-entropy section dumps, export tables (for DLLs), DEX class names (for APKs), extracted strings, and a full analysis log. Contents vary by binary type.

The main analysis (dashboard upload) generates an AI intelligence report with threat scoring, YARA signatures, CAPA capabilities, secrets scanning, and a PDF. The unpacker focuses purely on extraction — getting the actual decompressed binary, source code, or artifacts out of the file. Both tools complement each other.

Most unpacking jobs complete in 15 to 60 seconds. PyInstaller and UPX jobs are fastest (under 20 seconds). .NET decompilation with ILSpy can take up to 2 minutes for large assemblies. APK decompilation with jadx may take up to 3 minutes. The live terminal shows real-time progress.

No. The unpacker is available on all premium plans — Monthly, 6-Month, Yearly, and Team. Free accounts do not have unpacker access. To upgrade, visit the Pricing page.