How to Unpack an EXE File
Level of difficulty: Intermediate
Unpacking an EXE file can be done by utilizing some applications like the Universal Extractor or UniExtract. This application carries out exactly what it states and it is to extract files of different formats or archive types, whether it is an installation program, simple ZIP file or a Windows Installer package. Among the archive types that can be extracted by Universal Extractor include 7-zip archive, ASpack compressed file, ARC archive, bzip2 archive, ARJ archive, Gentee package, Inno Setup package, Installer VISE package, InstallShield Package, Microsoft Cabinet archive, NSIS package and more.
Materials Needed:- Universal Extractor (UniExtract) application
- EXE file
- Windows OS
- Mouse
Step 1
Download and install the UniExtract Installer. The uniextract16.exe is the recommended download. This .exe file will automatically install the program and integrate with the context menu of Windows Explorer. Download the UniExtract Source Code if you do not wish to utilize the installer.
Step 2
Once you have finished installing UniExtract, you can then run it and right click on your target EXE file or any target compressed files. Then select one of UniExtract’s options by clicking on it. Some of these options include (1) UniExtract Here, which will unpack files to the current or existing directory; (2) UniExtract to Subdir, which will extract the file to a subdirectory that was named after the archive file and (3) UniExtract Files, which will ask you to select where you wish to extract the file.
Step 3
After you have clicked on the option, the file signature of your EXE file will then be analyzed by the PEiD. If the file signature points out that it is a supported format, then extraction will immediately start but if the signature is not recognized, it will attempt to run your EXE file via UnZip and 7-zip as default cases. If any of these applications recognized the file signature, then it will be unpacked, otherwise, UniExtract will exhibit an error message.
Step 4
You will then be notified by UniExtract once it has successfully unpacked your EXE file. The application will assume success if the size of its unpacked file is much greater than its initial size. You will be notified and will be left with a log file that contains error messages if UniExtract failed to unpack your EXE file.
Step 5
Check the uniextract.log file if for instance, UniExtract failed to unpack your EXE file. The LOG file is generated by the tee program during the unpacking process. All production from the processing binary are essentially redirected to tee that in turn encodes the output to the uniextract.log file.