   What is UPX and what's the danger?
John_Hill
« on: Nov 30th, 2004, 2:06am »

Probably I should know, but I don't. I found the acronym: Ultimate Packer for eXecutables, but what so?
 
I'm evaluating TH4; obviously I need it. At first run I was notified:
wizmo.exe (Suspicious: UPX-packed file in Windows System folder)
[The One-Click Utility from Gibson Research Corp.]
Randy_Bell
« Reply #1 on: Nov 30th, 2004, 9:05am »

UPX is a runtime packer for executables. There are many such "execution compression" schemes but UPX is the most popular, probably followed by ASPACK. The idea is to compress the size of the executable without losing any functionality: when executed, the compressed executable will load the same uncompressed image in memory.
John_Hill
« Reply #2 on: Dec 2nd, 2004, 12:57am »

Thx for your answer. I assume that the TH warning is caused by the fact that TH can't unpack the exe to check its content? How does TH treat self-executable zip files?
Randy_Bell
« Reply #3 on: Dec 2nd, 2004, 1:27am »

on Dec 2nd, 2004, 12:57am, John_Hill wrote:
I assume that the TH warning is caused by the fact that TH can't unpack the exe to check its content?

TH can unpack UPX; usually the warning is because UPX-packed files in the Windows system folder are suspect. Trojans and malware use packing to disguise their true signatures. Btw, that is the strength of memory scanning techniques such as used by TH Guard because trojans must reveal their true signature {footprint} when they load into memory.
 
The other question, about self-extracting executables -- KAV can unpack and decrypt many of these but I don't think TH is designed to analyze self-extracting ZIP or RAR files until they unzip themselves -- I could be wrong about that, though. Usually this is not a security risk since self-extractors when executed will reveal their uncompressed components {contents} and give opportunity for AntiVirus and AntiTrojan realtime monitors to examine the contents at the time they extract the contents.
« Last Edit: Dec 2nd, 2004, 1:29am by Randy_Bell »
John_Hill
« Reply #4 on: Dec 2nd, 2004, 2:11am »

Unbeatable quick response! I appreciate your guidance, Randy.
 
I have used AV/firewalls for years, but during the last weeks I have learned (from newspapers, friends etc) that "a common AV" isn't sufficient. Due to the complexity of today's security threats, you need specialized software like TH (+ anti spyware/adware). As a result of my surfing for security issues, I have learned: Don't use the application's default settings; UNDERSTAND the software; make your individual configuration to suit your needs. (That's why I'm asking.)
 
I have just started my evaluation period, but I'm convinced. I need TH. It is working fine (fortunately without finding any Trojan), but the help file could be "more helpful". Thanks to this splendid user forum, I think I have the resources I need. I'm reading and reading... Thanks to all contributors.