Vulnerability Development mailing list archives

unpacking UPX or PE-packed binaries

From: "Karma" <steve () frij com>
Date: Fri, 23 Apr 2004 12:25:38 +1000

Hi List,

Just interested in how AV R&D companies unpack worms with complex UPX and PE
pack protocols.

Been trying to disect the recent Gaobot variants and getting no where with
my generic UPX-unpacker. Since this is more and more commonly used, I
thought I would be wise to consult the Lists.

Cheers,

Karma

Current thread:

unpacking UPX or PE-packed binaries Karma (Apr 22)
- Re: unpacking UPX or PE-packed binaries Gadi Evron (Apr 23)
  - Re: unpacking UPX or PE-packed binaries Inode (Apr 26)
- Re: unpacking UPX or PE-packed binaries Blue Boar (Apr 23)
  - Re: unpacking UPX or PE-packed binaries Gadi Evron (Apr 26)
- Re: unpacking UPX or PE-packed binaries Henrik Bøgh (Apr 26)
- <Possible follow-ups>
- RE: unpacking UPX or PE-packed binaries Kayne Ian (Softlab) (Apr 23)
  - Re: unpacking UPX or PE-packed binaries Clint Bodungen (Apr 26)
    - Re: unpacking UPX or PE-packed binaries Gadi Evron (Apr 27)
    - Re: unpacking UPX or PE-packed binaries Clint Bodungen (Apr 27)
- Re: unpacking UPX or PE-packed binaries Suresh Ponnusami (Apr 27)