Problem with UPX unpack - Page 2

Re: Problem with UPX unpack

#10791 by EP_X0FF
Wed Jan 04, 2012 3:02 pm

Actually nothing :) I thought write "unpacked" for upx is too much.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Problem with UPX unpack

#10794 by Flamef
Wed Jan 04, 2012 5:08 pm

Was it indeed pakced with UPX?How did you manage to unpack it?Why upx decompress didn't work for me?

Username

Flamef

Posts

65

Joined

Thu Jul 07, 2011 6:06 pm

Re: Problem with UPX unpack

#10796 by EP_X0FF
Wed Jan 04, 2012 5:30 pm

Flamef wrote:Was it indeed pakced with UPX?

Yes

How did you manage to unpack it?

upx -d filename

Why upx decompress didn't work for me?

Have no idea, i saw similar behavior before and even found a reason, but i totally forgot it because it was many years ago.
Probably most of other commands from cmd will fail also. Try "tracert", "ping", do they work?

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Problem with UPX unpack

#10797 by Xylitol
Wed Jan 04, 2012 5:31 pm

Flamef wrote:How did you manage to unpack it?Why upx decompress didn't work for me?

upx.exe -d Firefox_update.exe.exe

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Problem with UPX unpack

#10804 by Flamef
Wed Jan 04, 2012 10:24 pm

Well,thank you guys!Btw,since it's,obviously so easy to unpack UPX,why are most viruses etc packed with UPX,only to reduce the file size?Non-sense,isn't it? :D

Username

Flamef

Posts

65

Joined

Thu Jul 07, 2011 6:06 pm

Re: Problem with UPX unpack

#10805 by newgre
Wed Jan 04, 2012 10:36 pm

Erm well, because
a) most malwar are simply stupid
b) most malware writers don't give a shit
c) it doesn't really matter whether a malware sample is packed or not since the A/V industry is mostly still unable to deal with new malware

Pick any.

Username

newgre

Posts

27

Joined

Fri Mar 18, 2011 8:22 pm

Re: Problem with UPX unpack

#10812 by EP_X0FF
Thu Jan 05, 2012 3:56 am

Flamef wrote:Well,thank you guys!Btw,since it's,obviously so easy to unpack UPX,why are most viruses etc packed with UPX,only to reduce the file size?Non-sense,isn't it? :D

Usually they packed to reduce original stub size, or dropper size after obfuscation (or in both cases even multiple times). This one ransom is simple exception. Probably script-kiddies were unable to find/buy fud crypter for that time.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Problem with UPX unpack

#11686 by Aleksandra
Sat Feb 18, 2012 2:35 pm

Flamef wrote:Was it indeed pakced with UPX?How did you manage to unpack it?Why upx decompress didn't work for me?

No ideas.

Code: Select all

root@slax:~/Desktop# upx -d Firefox_update.exe.exe
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2008
UPX 3.03        Markus Oberhumer, Laszlo Molnar & John Reiser   Apr 27th 2008

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   1109504 <-    145920   13.15%    win32/pe     Firefox_update.exe.exe

Unpacked 1 file.

Username

Aleksandra

Posts

79

Joined

Sun Jun 05, 2011 9:34 pm