Updated Enigma Virtual Box unpacker (again)
Enigma Virtual Box unpacker
There are a few minor fixes:
- Now it can unpack Enigma Virtual Box versions 10.20 and 10.30;
- Correctly detects some old and rare versions of Enigma Virtual Box;
Hi master Kao!
I've used this version of EVB tool:
EnigmaVBUnpacker v0.61, compiled on 05-03-2023 22:59
Supports Enigma Virtual Box v4.10..10.30
but the exe it recovered has got a wrong EP as well as a missing Import table, see below
some pieces from log:
...
[+] x64 executable
[+] Embedded files are compressed
[+] EnigmaVB version: 10.30
...
[!] Warning: cannot fix PE Exception directory. Unpacked file may or may not work. Be careful!
[+] Finished!
so the question is - what does the last warning mean?
also when I opened up unpacked .exe in exeinfope 0077 it says this:
File is corrupted ---> Entry Point over the file! ***
example screen from the tool -
{hidden link}
general question - are there any reasons that the tool might not unpack exe(s) from EVB successfully?
Hi Alen,
I can't solve your specific issue without seeing the actual file. Please upload it to mega.nz or mediafire.com and send me a link.
I've tried to make the unpacker work reasonably well on most files. However, there are some corner cases which are either not implemented or not well tested because I didn't have enough sample files to work with. Judging from the screenshot, your file is a 64-bit .NET executable and it might be one of those cases.
newbee!
And what exactly have you accomplished? :)
"Newbee" in Chinese homonym refers to "niubi" which means very awesome
I don't think he meant any harm, thanks for the file
Thanks for the explanation! :) You must admit, it looks more like an insult to people who don't speak Chinese.
I am trying to unpack an exe that is packed with Enigma Virtual Box but when unpacking I get this:
EnigmaVBUnpacker v0.61, compiled on 05-03-2023 22:59
Supports Enigma Virtual Box v4.10..10.30
Latest version always on {hidden link}
[+] Filename: Luxify 4 - Copy.exe
[+] MD5: cef5723e032181cf5db529d07b4b8c29
[+] x64 executable
[x] Expected section name ".enigma2", found ".rsrc"
[x] This file is not protected with Enigma Virtual Box or is hacked.
Looking at the sections, I see 2 sections with the name .enigma1 and .enigma2
I uploaded the exe if you want to look at it, which can be viewed here: {hidden link}
Thank you!
Hi,
your file is protected using Enigma Protector and/or Themida. That's not what my unpacker is for.
The tool overestimates the space needed to unpack an enigma file. Extracting a file that needs ~1GB of space, the program requested me to prepare well over 6GB of harddisk space.
Yes, that's intentional because there is no efficient way to do it properly. I had to choose between reading the entire file twice, running out of disk space during unpacking, or overestimating the free space requirements. I chose to overestimate.
If you feel adventurous, you can always use the "/nodiskspace" switch to disable the check.
Hi kao, can you check this out? It is packed and I'm not sure if it is packed by Enigma.
Thanks
Here is the link : {hidden link}
That appears to be a custom loader used only by imperio-online.com. In addition to standard Tantra client+anticheat, it very likely contains an additional malware file.
I'm not going to do anything with it.
Okay I understand