EXETOOLS FORUM  

  #1  
Old 04-01-2018, 00:12
hors
XVolkolak

XVolkolak is an unpacker emulator.
Unlike programs of this type, it does not use DebugAPI and other features of the operating system. Everything is emulated. You can safely unpack malware for further investigation without the risk of damaging the system.
All machine instructions are not executed on a real processor, so unpacking occurs regardless of the processor type and the operating system.
It is possible to unpack 64-bit files on 32-bit operating systems.
This build emulates the processors Intel x86 and AMD64.
It supports unpacking 32- and 64-bit Windows executable files. If there is community interest, it will be possible to unpack other executable files (ELF, MSDOS, Mach-O) and other processors.

Due to its capabilities, with the correct manual setting, the program engine can be used to unpack almost any packer / tread.
However, this version of the program works in a fully automatic mode and can only unpack simple non-commercial unpackers such as:

UPX
ASPack
NsPack
Mpress
MEW
(Win) Upack
FSG
and some others.

The version of the program with the possibility of unpacking commercial protectors (such as VMProtect, ASProtect and others) will not appear in the public domain for obvious reasons.

The program is absolutely free for non-commercial and commercial use.

This version is for Windows. If you need a build for Linux, please let me know with the exact name of the operating system (for example Ubuntu 17.10 64 bit). The version for Linux is completely identical to the version of Windows.

The program is still in alpha status, so I would be grateful for all the comments on the program, as well as for links to files with simple packers. First of all, packed samples of malicious programs are of interest. Address for communication horsicq [at] gmail.com.

Download
More info

Last edited by hors; 07-12-2018 at 16:52. Reason: New version
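Added example, not part of hors's post and not XVolkolak's code: a toy software emulator that illustrates the emulation-based unpacking described in the first post, where the packed program is interpreted instead of being run on the real CPU. The instruction set, the constructed sample and the stop rule (first instruction fetched from bytes the program wrote itself) are assumptions made for the illustration; the post does not say how XVolkolak locates the unpacked code.

```python
# Toy byte-coded machine, constructed for this example (not x86, not XVolkolak's engine).
# Every instruction is 3 bytes: opcode, operand a, operand b.
HALT, MOVI, XORM, INC, DEC, JNZ, JMP = range(7)

def emulate_until_oep(image, entry=0, max_steps=10_000):
    """Interpret `image` in software; return (oep, memory dump) at the first
    instruction fetched from bytes the program itself wrote, else (None, dump)."""
    mem, regs, written, pc = bytearray(image), [0] * 4, set(), entry
    for _ in range(max_steps):              # step budget for stubs that never finish
        if pc + 3 > len(mem):
            break                           # ran off the end of the image
        if written & {pc, pc + 1, pc + 2}:  # about to execute self-written bytes
            return pc, bytes(mem)
        op, a, b = mem[pc:pc + 3]
        pc += 3
        r = a % 4                           # keep register index valid on garbage input
        if op == MOVI:
            regs[r] = b
        elif op == XORM:                    # decode one byte in place, record the write
            addr = regs[r] % len(mem)
            mem[addr] ^= b
            written.add(addr)
        elif op == INC:
            regs[r] = (regs[r] + 1) & 0xFF
        elif op == DEC:
            regs[r] = (regs[r] - 1) & 0xFF
        elif op == JNZ:
            if regs[r]:
                pc = b
        elif op == JMP:
            pc = a
        else:                               # HALT or unknown opcode
            break
    return None, bytes(mem)

def build_packed_sample(key=0x5A):
    """Constructed sample: decoder stub at 0, XOR-encoded payload at 0x20."""
    payload = bytes([MOVI, 2, 0x2A, HALT, 0, 0])
    stub = bytes([MOVI, 0, 0x20,  MOVI, 1, len(payload),
                  XORM, 0, key,   INC, 0, 0,   DEC, 1, 0,
                  JNZ, 1, 6,      JMP, 0x20, 0])
    image = bytearray(0x30)
    image[:len(stub)] = stub
    image[0x20:0x20 + len(payload)] = bytes(x ^ key for x in payload)
    return bytes(image), payload

if __name__ == "__main__":
    oep, dump = emulate_until_oep(build_packed_sample()[0])
    print(hex(oep), dump[oep:oep + 6].hex())
```

Nothing from the sample ever runs natively: the emulator stops before the decoded payload's first instruction and hands back the decoded memory image for inspection.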
  #2  
Old 04-02-2018, 23:39
bolo2002
"The version of the program with the possibility of unpacking commercial protectors (such as VMProtect, ASProtect and others) will not appear in the public domain for obvious reasons."

I'm living for obvious reasons, if you have a version or know where to get it, let me know in private.
__________________
I like this forum!
  #3  
Old 04-03-2018, 00:58
squareD
Agree to bolo2002
I'm also interested in the non public version
You also can give me a point in PM
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
  #4  
Old 04-03-2018, 07:20
evlncrn8
wow, ignorance is bliss eh?
are you aware that hors is the actual author? it's stuff like this that really demotivates authors and destroys projects
  #5  
Old 04-05-2018, 23:37
bolo2002
Quote:
Originally Posted by evlncrn8
wow, ignorance is bliss eh?
are you aware that hors is the actual author? it's stuff like this that really demotivates authors and destroys projects

And then what?

Did I say something against him? No.
Did I share something exetools only outside? Never.
I just asked him if he wants to share it in private, that's all.
Both posts reflect more than good knowledge in RE!
I don't know what's wrong in my reply.
He's the author, free to him to do what he wants from that, and I doubt it's something that demotivates authors and destroys projects.
__________________
I like this forum!
  #6  
Old 05-30-2018, 16:50
hors
XVolkolak 0.18

Windows 7-10 Download
Windows XP Download
Linux Ubuntu 18.04 x64 Download
OSX Download
  #7  
Old 05-30-2018, 21:32
sendersu
@hors
does it support previous Ubuntu LTS ed?
eg 14 or 16
  #8  
Old 06-01-2018, 02:01
hors
Quote:
Originally Posted by sendersu View Post
@hors
does it support previous Ubuntu LTS ed?
eg 14 or 16
It should work on 14 and 16 too.
  #9  
Old 07-12-2018, 16:51
hors
XVolkolak 0.21

Windows 7-10 Download
Windows XP Download
Linux Ubuntu 18.04 x64 Download
OSX Download
  #10  
Old 09-06-2018, 13:37
trickyboy
Was there anybody that got a private version? Please pm me, thank you.
  #11  
Old 09-06-2018, 23:54
bolo2002
Quote:
Originally Posted by trickyboy
Was there anybody that got a private version? Please pm me, thank you.

I'm still waiting for a private version and keep it private.
You didn't see my post above, it's bad to ask for it.
__________________
I like this forum!
  #12  
Old 09-07-2018, 07:07
chants
August 11, 2018 XVolkolak 0.22

Windows 7-10 Download
Windows XP Download
Linux Ubuntu 18.04 x64 Download
OSX Download

Credits of course go to hors
  #13  
Old 09-07-2018, 08:42
Megin
"The version of the program with the possibility of unpacking commercial protectors (such as VMProtect, ASProtect and others) will not appear in the public domain for obvious reasons."

Does such a version actually exist in the first place?
Given the fact that VMProtect and other complex protectors have so many options available in their protectors, I seriously doubt whether any single tool by itself can unpack it completely.

Want to further confirm that you are not putting up the private version for sale, even to private researchers? I ask since sometimes research tools like these are made available to institutions and researchers, even if not released into the public domain.
  #14  
Old 09-09-2018, 18:14
Trit0n
The author has never explicitly said that his unpacker is capable of unpacking VMProtect.
(Is probably more wishful thinking)
All times are GMT +8.