unpacking UPX or PE-packed binaries

["Karma" <steve () frij com>]

Hi List,

Just interested in how AV R&D companies unpack worms with complex UPX and PE
pack protocols.

Been trying to disect the recent Gaobot variants and getting no where with
my generic UPX-unpacker. Since this is more and more commonly used, I
thought I would be wise to consult the Lists.

Cheers,

Karma


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------