de-CryptOne v.2

Is a python 3 script which unpacks statically x86 samples packed with CryptOne packer versions from 2021/08 until now (2021/12).

Usage

~$ python3 decrypt1v2.py sample.bin

 

Example

 

Requirements (Latest tested)

  • Yara, Version 3.9.0
  • yara-python, Version 4.1.0
  • pefile, Version 2021.5.24

 

Support

In case some files are not working, please make sure it is packed with CryptOne, if yes please provide me the hash in a DM ().

Also, if you managed to obtain a x64 sample please send me over to add support.

Enjoy while unpacking 😉

GitHub

View Github