13 thoughts on “Updated Enigma Virtual Box unpacker (again)

  1. Hi master Kao!
    I've used this version of EVB tool:
    EnigmaVBUnpacker v0.61, compiled on 05-03-2023 22:59 Supports Enigma Virtual Box v4.10..10.30
    but the exe it recovered has got wrong EP as well as missed Import table, see below

    some pieces from log:
    ...
    [+] x64 executable
    [+] Embedded files are compressed
    [+] EnigmaVB version: 10.30
    ...
    [!] Warning: cannot fix PE Exception directory. Unpacked file may or may not work. Be careful!

    [+] Finished!

    so the question is - what does it mean the last warning?

    also when I opened up unpacked .exe in exeinfope 0077 it says this:
    File is corrupted ---> Entry Point over the file! ***
    example screen from the tool -
    {hidden link}

    general question - are there any reasons that the tool might not unpack exe(s) from EVB successfully?

    • Hi Alen,
      I can't solve your specific issue without seeing the actual file. Please upload it to mega.nz or mediafire.com and send me a link.

      I've tried to make the unpacker work reasonably well on most files. However, there are some corner cases which are either not implemented or not well tested because I didn't have enough sample files to work with. Judging from the screenshot, your file is 64-bit .NET executable and it might be one of those cases.

  2. I am trying to unpack an exe that is packed with Enigma Virtual Box but when unpacking I get this:
    EnigmaVBUnpacker v0.61, compiled on 05-03-2023 22:59
    Supports Enigma Virtual Box v4.10..10.30
    Latest version always on {hidden link}

    [+] Filename: Luxify 4 - Copy.exe
    [+] MD5: cef5723e032181cf5db529d07b4b8c29
    [+] x64 executable
    [x] Expected section name ".enigma2", found ".rsrc"
    [x] This file is not protected with Enigma Virtual Box or is hacked.

    Looking at the sections, I see 2 sections with the name .enigma1 and .enigma2
    I uploaded the exe if you want to look at it, which can be viewed here: {hidden link}

    Thank you!

    • Hi,
      your file is protected using Enigma Protector and/or Themida. That's not what my unpacker is for.

  3. The tool overestimates the space needed to unpack an enigma file. Extracting a file that needs ~1GB of space, the program requested me to prepare well over 6GB of harddisk space.

    • Yes, that's intentional because there is no efficient way to do it properly. I had to choose between reading the entire file twice, running out of disk space during unpacking, or overestimating the free space requirements. I chose to overestimate.

      If you feel adventurous, you can always use the "/nodiskspace" switch to disable the check.

  4. Hi kao , can you check this out , it is packed and i'm not sure if this pack by enigma ..

    Thanks

    Here is the link : {hidden link}

    • That appears to be a custom loader used only by imperio-online.com. In addition to standard Tantra client+anticheat, it very likely contains an additional malware file.

      I'm not going to do anything with it.

Leave a Reply

  • Be nice to me and everyone else.
  • If you are reporting a problem in my tool, please upload the file which causes the problem.
    I can`t help you without seeing the file.
  • Links in comments are visible only to me. Other visitors cannot see them.

Your email address will not be published.

nine  −  3  =