de-CryptOne v.2

Is a python 3 script which unpacks statically x86 samples packed with CryptOne packer versions from 2021/08 until now (2021/12).


~$ python3 sample.bin




Requirements (Latest tested)

  • Yara, Version 3.9.0
  • yara-python, Version 4.1.0
  • pefile, Version 2021.5.24



In case some files are not working, please make sure it is packed with CryptOne, if yes please provide me the hash in a DM ().

Also, if you managed to obtain a x64 sample please send me over to add support.

Enjoy while unpacking 😉


View Github