UPX not good!

Started by Zlatko Vid, January 22, 2022, 08:55:20 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Zlatko Vid

Charles you should read this:

QuoteJust as a note on the last posting by JJ, UPX while being a high quality executable compressor for both 32 and 64 bit executable files, it is crippled by the assumptions of the original authors, their theory is that all executables should be available to decompressing them and be able to recompress the exe. This makes it the preferred tool for a vast number of virus/trojan writers as they can open a file, install a virus into it then recompress it. Various AV companies know how it is used and flag anything compressed by UPX as dangerous. I read a very good article from one of the team members of the Microsoft AV scanner on detecting modified versions of UPX that try and avoid its detection but they also know how to detect the UPX stub.
  •