wingetCollections
  • Auto
  • Search
  • Awesome Collections
  • Awesome Programs
  • My Favorite Collections
  • My Collections
  • Account / Settings
  • Terms of Service
  • Privacy
  • About

© 2026 winget.ragerworks.com

Loading...
Install evbunpack using Winget - wingetCollections
  1. Go back
  2. Packages
  3. evbunpack
evbunpack logo

evbunpack mos9527

enigma-virtual-box-unpacker enigmavirtualboxunpacker evb-unpack requirescmd
Use this command to install evbunpack:
winget install --id=mos9527.evbunpack -e

Enigma Virtual Box unpacker.

README

evbunpack

Windows Build Releases Code style: black

Enigma Virtual Box unpacker

Features

  • Executable unpacking
    • TLS, Exceptions, Import Tables and Relocs are recovered
    • Executables with Overlays can be restored as well
    • Enigma loader DLLs and extra data added by the packer is stripped
  • Virtual Box Files unpacking
    • Supports both built-in files and external packages
    • Supports compressed mode

Tested Versions

  • This applies to PE unpacking. If the chosen PE unpack variant does not work, please try out the other ones with -pe [variant]
Packer VersionNotesUnpack with Flags
11.00Automatically tested in CI for x86/x64 binaries.-pe 10_70
10.70Automatically tested in CI for x86/x64 binaries.-pe 10_70
9.70Automatically tested in CI for x86/x64 binaries.-pe 9_70
7.80Automatically tested in CI for x86/x64 binaries-pe 7_80 --legacy-fs

Installation

For Windows Users : Builds are available here

Or get the latest version from PyPi:

    pip install evbunpack

Usage

usage: evbunpack [-h] [--log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [-l] [--ignore-fs] [--ignore-pe] [--legacy-fs] [-pe {10_70,9_70,7_80}] [--out-pe OUT_PE] file output

Enigma Virtual Box Unpacker

options:
  -h, --help            show this help message and exit
  --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
                        Set log level

Flags:
  -l, --list            Don't extract the files and print the table of content to stderr only
  --ignore-fs           Don't extract virtual filesystem
  --ignore-pe           Don't restore the executable
  --legacy-fs           Use legacy mode for filesystem extraction
  -pe {10_70,9_70,7_80}, --pe-variant {10_70,9_70,7_80}
                        Unpacker variant to use when unpacking EXEs. default=9_70

Overrides:
  --out-pe OUT_PE       (If the executable is to be recovered) Where the unpacked EXE is saved. Leave as-is to save it in the output folder.

Input:
  file                  File to be unpacked
  output                Output folder

Example Usage (test file available here)

Input:

evbunpack x64_PackerTestApp_packed_20240522.exe output

Output:

INFO: Enigma Virtual Box Unpacker v0.2.1
INFO: Extracting virtual filesystem
Filesystem:
   └─── output
       └─── output/README.txt
Writing File [size=0x11, offset=0x3465]: total=      11h read=       0h
INFO: Extraction complete
INFO: Restoring executable
INFO: Using default executable save path: output\x64_PackerTestApp_packed_20240522.exe
Saving PE: total=    3211h read=       0h
INFO: Unpacked PE saved: output\x64_PackerTestApp_packed_20240522.exe

TODO

  • Automatically detect packer version

Credits

  • evb-extractor
  • aplib

License

Apache 2.0 License

Versions
0.2.6
Website
github.com
License
Last updated
2/7/2026
Download latest version