Reverse Engineering Team Board


aiwnjoo 02-27-2012 05:19 PM

PID says UPX but problems happen.

Protection ID says it is packed with UPX (Latest), so I unpack it, then the file does not run, so I presume something else is at work here. It would be good if you can provide any information on this.


Git 02-27-2012 06:16 PM

PE Explorer unpacks several flavors of UPX.


kao 02-27-2012 06:36 PM

There's additional protection for the most juicy part of code. Small virtual machine - VMProtect, if I'm not mistaken.
See here:

UPX0:00401800  push    ebp
UPX0:00401801  mov    ebp, esp
UPX0:00401803  and    esp, 0FFFFFFF8h
UPX0:00401806  push    ecx
UPX0:00401807  push    ebx
UPX0:00401808  push    esi
UPX0:00401809  push    edi
UPX0:0040180A  jmp    loc_40B517  ; --> oops. nasty code follows! :)
