Started by Zlatko Vid, January 22, 2022, 08:55:20 AM
0 Members and 1 Guest are viewing this topic.
QuoteJust as a note on the last posting by JJ, UPX while being a high quality executable compressor for both 32 and 64 bit executable files, it is crippled by the assumptions of the original authors, their theory is that all executables should be available to decompressing them and be able to recompress the exe. This makes it the preferred tool for a vast number of virus/trojan writers as they can open a file, install a virus into it then recompress it. Various AV companies know how it is used and flag anything compressed by UPX as dangerous. I read a very good article from one of the team members of the Microsoft AV scanner on detecting modified versions of UPX that try and avoid its detection but they also know how to detect the UPX stub.
Page created in 0.231 seconds with 22 queries.