Similar to how we transparently decompress other archival formats, we should be able to run "upx -d" if a program appears to be compressed with UPX.
We should probably show the decompressed payload as if it existed "inside" the other one, so that the rule matches for both compressed and uncompressed payloads show up differently. For example:
```
# file
- HIGH: this file was compressed with UPX!
# file ∴ upx
- CRITICAL: it's malware!
```
If a UPX'd binary is encountered, but the upx utility is unavailable, an error message should be sent to stderr, saying something like:
"upx" not in path, unable to decompress binary for further analysis
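One way the behaviour requested above could be sketched, as an added example that is not code from this project: a packed file yields two scan targets, the file itself and its decompressed payload labelled `file ∴ upx`, and a missing `upx` produces the stderr message from the issue. The function names, the `UPX!` marker heuristic and the restriction to ELF and PE are assumptions of this sketch.

```python
import os
import shutil
import subprocess
import sys
import tempfile

UPX_MAGIC = b"UPX!"                   # marker UPX leaves in its pack header
EXE_MAGICS = (b"\x7fELF", b"MZ")      # assumption: only ELF and PE are checked


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic only: executable magic plus the UPX! marker somewhere inside."""
    return data.startswith(EXE_MAGICS) and UPX_MAGIC in data


def unpack_upx(path: str, upx: str = "upx"):
    """Decompress a copy of `path` with `upx -d`; return the copy's path or None."""
    exe = shutil.which(upx)
    if exe is None:
        print(f'"{upx}" not in path, unable to decompress binary for further analysis',
              file=sys.stderr)
        return None
    out = os.path.join(tempfile.mkdtemp(prefix="upx-"), os.path.basename(path))
    try:
        # -o writes to a new file, so the original sample is never modified.
        # abspath keeps a file name starting with "-" from being read as an option.
        proc = subprocess.run([exe, "-d", "-o", out, os.path.abspath(path)],
                              capture_output=True, timeout=60)
    except subprocess.TimeoutExpired:
        proc = None
    if proc is None or proc.returncode != 0 or not os.path.exists(out):
        print(f"upx -d failed for {path}", file=sys.stderr)
        shutil.rmtree(os.path.dirname(out), ignore_errors=True)
        return None
    return out


def scan_targets(path: str, upx: str = "upx"):
    """Return (label, file) pairs to scan: the file itself, then its unpacked payload."""
    with open(path, "rb") as f:
        data = f.read()
    targets = [(path, path)]
    if looks_upx_packed(data):
        unpacked = unpack_upx(path, upx)
        if unpacked:
            targets.append((f"{path} ∴ upx", unpacked))
    return targets
```

Rule matches would then be reported once per returned label, so a hit on the packed wrapper and a hit on the unpacked payload stay distinguishable.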