Home

Awesome

MalUnpackCompanion driver

Commit activity Last Commit

GitHub release GitHub release date Github All Releases Github Latest Release

License Platform Badge

MalUnpack companion driver: enhances capabilities of mal_unpack, isolates the run sample from the environment.

Works with: https://github.com/hasherezade/mal_unpack

Supported systems: Windows, starting from 7. Recommended system: Windows 10.

WARNING: This is an experimental version, use it on a Virtual Machine only!

How to install

  1. The driver is signed by a test signature, so, in order for the installation to succeed, Test Signing must be enabled on the target machine. As an Administrator, deploy the following command:
bcdedit /set testsigning on

Then reboot the system...

NOTE: In case if this is not sufficient, try another method (using Advanced Boot Options) described here.

  1. Right click on MalUnpackCompanion.inf from the driver package. From the context menu, choose "Install"
  2. After the driver is installed, it remains inactive. In order to activate it, run the following command as Administrator:
fltmc load MalUnpackCompanion

How to unload

Run the commandline as Administrator. Deploy the command:

fltmc unload MalUnpackCompanion

How to update

  1. Unload the driver (check How to unload)
  2. Repeat the installation steps 2 to 3 (check How to install)

Confirm that the driver is loaded

Option 1.

Run the commandline as Administrator. Deploy the command:

fltmc

You should see MalUnpackCompanion on the list of installed filter drivers.

Option 2.

Install Nirsoft DriversList (available here). Check if MalUnpackCompanion is on the list, and if it is running. This tool allows you also to easily check the version of the currently installed driver.

How to use

Download the mal_unpack userland application, and use it as it is mentioned in the instructions. If the MalUnpackCompanion driver is installed and loaded, the userland application will detect it automatically, and communicate with it.