Vulnerability Development mailing list archives
unpacking UPX or PE-packed binaries
From: "Karma" <steve () frij com>
Date: Fri, 23 Apr 2004 12:25:38 +1000
Hi List, Just interested in how AV R&D companies unpack worms with complex UPX and PE pack protocols. Been trying to disect the recent Gaobot variants and getting no where with my generic UPX-unpacker. Since this is more and more commonly used, I thought I would be wise to consult the Lists. Cheers, Karma
Current thread:
- unpacking UPX or PE-packed binaries Karma (Apr 22)
- Re: unpacking UPX or PE-packed binaries Gadi Evron (Apr 23)
- Re: unpacking UPX or PE-packed binaries Inode (Apr 26)
- Re: unpacking UPX or PE-packed binaries Blue Boar (Apr 23)
- Re: unpacking UPX or PE-packed binaries Gadi Evron (Apr 26)
- Re: unpacking UPX or PE-packed binaries Henrik Bøgh (Apr 26)
- <Possible follow-ups>
- RE: unpacking UPX or PE-packed binaries Kayne Ian (Softlab) (Apr 23)
- Re: unpacking UPX or PE-packed binaries Clint Bodungen (Apr 26)
- Re: unpacking UPX or PE-packed binaries Gadi Evron (Apr 27)
- Re: unpacking UPX or PE-packed binaries Clint Bodungen (Apr 27)
- Re: unpacking UPX or PE-packed binaries Clint Bodungen (Apr 26)
- Re: unpacking UPX or PE-packed binaries Gadi Evron (Apr 23)
- Re: unpacking UPX or PE-packed binaries Suresh Ponnusami (Apr 27)