Kaspersky
DeepUnpack

Cybercriminals have become quite adept at using ‘gray’ archiving and packing utilities to mask the malicious payload inside the files they send to their intended victims. Facing this threat, Kaspersky has developed DeepUnpack – a technology specifically designed to make short work of any such attempts at content obfuscation.

Kaspersky DeepUnpack is a deep file-unpacking technology that reveals what conventional tools miss. Not just ZIP or RAR archives – DeepUnpack supports over 200 archiver formats and over 600 packer formats, including those exclusively used by malware authors, so your detection, sandboxing, DLP, and governance controls can operate on the real content.

Why DeepUnpack

Increase inspection coverage

DeepUnpack supports a broad range of archivers and executable packers, including many rare and malware-only variants, helping you reduce “unknown packer” blind spots.

Normalize hostile inputs for downstream controls

Extract, enumerate, and pass clean artifacts to your existing anti-malware solution, sandbox, YARA rules, content filters, or policy engine – without rebuilding your stack.

Operate safely at scale

Built-in protections and parallel processing help maintain throughput and resilience under adversarial conditions (including archive-bomb style attacks).

DeepUnpack Features

Security vendors and any organizations that ingest large volumes of untrusted files need a reliable technology to scan, detonate, index and govern inbound objects. Here’s what Kaspersky DeepUnpack provides:

Usage Scenarios

Email security & collaboration security

No more blind attachments

Web gateways, SWG, Proxy

Turn every download into a transparent object before policy and detection

Cloud storage / file upload scanning

Consistent deep extraction at rest and on upload

Sandboxing & detonation

Detonate what matters, not the wrapper

Malware analysis, Threat Intelligence

Maximize extraction success from hostile samples

SOAR/SOC automation

Automated triage that attackers can’t cheaply break

Software supply chain & artifact scanning

Standardize file inspection and reduce ‘can’t open’ events

Preferred Customer Types – and Why They Should Care

Cybersecurity vendors

OEM or license Kaspersky DeepUnpack as an engine to improve detection coverage:
  • Email security gateways and anti-phishing vendors (attachments are the battlefield)
  • Secure Web Gateway / proxy vendors (download inspection at scale)
  • CASB / SaaS security vendors (scanning shared files)
  • Cloud security / CNAPP providers that scan object storage
  • Sandbox / malware detonation vendors (pre-processing stage)
  • EDR/XDR vendors (back-end detonation/analysis services).

MSSPs / MDR providers

Handle diverse customer telemetry and lots of inbound samples:
  • stable automation (zip-bomb protection),
  • throughput (multiprocessing),
  • unpack “whatever shows up” (broad format support).

Large regulated enterprises with heavy file traffic

Finance, insurance, healthcare, government, critical infrastructure supply chains – organizations that share many common traits:
  • lots of inbound documents/archives,
  • strict compliance, low tolerance for malware incidents,
  • centralized Linux scanning.

Cloud/SaaS platforms with user uploads

Any product that hosts or routes user content needs “clean platform” trust:
  • file sharing & collaboration,
  • managed email providers,
  • customer support platforms that accept attachments,
  • HR/recruiting portals, fintech onboarding portals, etc.

Digital forensics labs & national CERT orgs

  • These organizations routinely meet multipacked/obfuscated samples.
  • Breadth of supported packer/archiver formats and versions matters for time-to-triage.

Need help to take the next step?

Contact Us

If you wish to know more, please click the button below and indicate that you require more information about Kaspersky DeepUnpack, and our representative will get in touch with you shortly.