Binary Analysis
upx is not working, why? Nov 22 2005 02:23AM
mao0524 hotmail com (1 replies)
Hi all,

I've got e-mail attached mailware.
When I used PEID, I found that file was compressed by upx.

[PEID status]
UPX 0.89.6 - 1.02 / 1.05 -> Markus & Laszlo

[PEID Section Viewer]
I can only see .rsrc section.
.rsrc 00032000(V.offset) 00001000(V.size) 0000D000(R.Offset) 00000400(R.Size) C0000040(Flags)

Then, I tried to uncompress this file using UPX unpacker(v1.25) but I found error message in UPX unpacker.

error message is as following,

---------------------------------
C:\>upx
-d -o ./list/uppack_services.exe ./list/services.exe
Ultimate Packer for eXecutables
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
UPX 1.25w Markus F.X.J. Oberhumer & Laszlo Molnar Jun 29th 2004

File size Ratio Format Name
-------------------- ------ ----------- -----------
upx: ./list/services.exe: CantUnpackException: file is modified/hacked/protected
; take care!!!

Unpacked 0 files.

-----------------------------------------

What's the matter?

[ reply ]
Re: upx is not working, why? Nov 23 2005 01:08AM
Chris Eagle (cseagle redshift com)


 

Privacy Statement
Copyright 2010, SecurityFocus