[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: unpacking UPX or PE-packed binaries
On Friday 23 April 2004 04:25 Karma wrote to
>Been trying to disect the recent Gaobot variants and getting no where with
>my generic UPX-unpacker. Since this is more and more commonly used, I
>thought I would be wise to consult the Lists.
In the case of at least one of the Gaobot's the UPX-header was (probably
deliberately by the author) mangled after the binary was packed. This method
"obfuscating" code has been seen before. If you could restore the original
UPX-header unpacking the code should be trivial.
Venlig hilsen / Kind regards
Henrik Bøgh ( henrik.list@xxxxxxxxx )
"Hva' glor du på? Det' sgu'da bare en hammer mand!"
-- Søren Pilmark som Grethe i 'Ørkenens sønner'