PDA

View Full Version : UPX v12_m2_dll - unpack error

FanJ
March 22nd, 2010, 11:38 PM
I'm getting several warnings on install files with respect to:
UPX v12_m2_dll - unpack error

Some examples:
D:\Acronis\Disk Director Suite\Version 9_0 Build 554\diskdirectorsuite9.0.554_s_en.exe » ZIP » snapapi.dll » UPX v12_m2_dll - unpack error
D:\Acronis\Disk Director Suite\Version 9_0 Build 554\diskdirectorsuite9.0.554_s_en.exe » ZIP » readcd.exe » UPX v12_m2 - unpack error
D:\AWSPS\Version 4_61\awsps461.zip » ZIP » setup.exe » INNO » file0003.bin » UPX v12_m2_dll - unpack error
D:\AWSPS\Version 4_61\awsps461\setup.exe » INNO » file0003.bin » UPX v12_m2_dll - unpack error
D:\Everest\Version 1_51\everesthome151.zip » ZIP » everest.exe » UPX v12_m2 - unpack error
D:\Everest\Version 1_51\everesthome151.zip » ZIP » everest_directx.dll » UPX v12_m2_dll - unpack error
D:\EVEREST Ultimate Edition\Version 4_60_1500_0\everestultimate460.exe » INNO » file0015.bin » UPX v12_m2_dll - unpack error
D:\EVEREST Ultimate Edition\Version 5_01_1700_0\everestultimate501.exe » INNO » file0017.bin » UPX v12_m2_dll - unpack error
D:\EVEREST Ultimate Edition\Version 5_0_1650_0\everestultimate500.exe » INNO » file0017.bin » UPX v12_m2_dll - unpack error
D:\EVEREST Ultimate Edition\Version 5_30_1900_0\everestultimate530.exe » INNO » file0016.bin » UPX v12_m2_dll - unpack error
D:\RegRun\Version 4_60 Platinum\regrunplat.zip » ZIP » regrunplat460.exe » INNO » file0064.bin » UPX v12_m2 - unpack error
D:\RegRun\Version 6_7 Platinum\regrunplat.zip » ZIP » regrunplat!.exe » INNO » file0074.bin » UPX v12_m2 - unpack error
D:\RegRun\Version 6_7 Platinum\regrunplat\regrunplat!.exe » INNO » file0074.bin » UPX v12_m2 - unpack error
D:\TrojanHunter\Version 5_2 beta 2\TrojanHunterSetup520B2.exe » INNO » file0010.bin » UPX v12_m2_dll - unpack error
D:\TrojanHunter\Version 5_2 beta 2\TrojanHunterSetup520B2.exe » INNO » file0146.bin » UPX v12_m2 - unpack error

=====

XP-home SP3

Virus signature database: 4966 (20100322)
Update module: 1031 (20091029)
Antivirus and antispyware scanner module: 1266 (20100312)
Advanced heuristics module: 1101 (20100309)
Archive support module: 1109 (20100316)
Cleaner module: 1048 (20091123)
Anti-Stealth support module: 1017 (20100204)
SysInspector module: 1214 (20100127)
Self-defense support module : 1012 (20100208)
Real-time file system protection module: 1002 (20091207)
siljaline
March 22nd, 2010, 11:56 PM
And you are seeing this when, Jan ? From your on-demand scan log ? Or [fill in blanks... ]

Greetz,
stackz
March 23rd, 2010, 12:09 AM
Refer to the thread I started here (http://www.wilderssecurity.com/showthread.php?t=268106).
FanJ
March 23rd, 2010, 12:10 AM
-{ Quote: "And you are seeing this when, Jan ? From your on-demand scan log ? Or [fill in blanks... ]

Greetz," }-

Hi Randy,

Yes, from an on-demand scan; the examples, which I posted, are copied from the scan-log.
As I posted, these are installation files ;)
FanJ
March 23rd, 2010, 12:14 AM
-{ Quote: "Refer to the thread I started here (http://www.wilderssecurity.com/showthread.php?t=268106)." }-

Thanks stackz.
siljaline
March 23rd, 2010, 01:03 AM
-{ Quote: "Hi Randy,
Yes, from an on-demand scan; the examples, which I posted, are copied from the scan-log.
As I posted, these are installation files ;)" }- Hi Jan,
Then, based on as of yet unreplied thread, (http://www.wilderssecurity.com/showthread.php?t=268106) we await feedback from ESET based on stackz submission to: ESET. ;)
Brummelchen
March 23rd, 2010, 05:00 PM
-{ Quote: "D:\EVEREST Ultimate Edition\Version 4_60_1500_0\everestultimate460.exe » INNO » file0015.bin » UPX v12_m2_dll - unpack error" }-
special for that file - it contains not the mentioned bin
and 4.2.35 told me 228 files in it with nothing found

Check hash!
468d69aa5540cd2d233b6015fe5012ed|everestultimate460.exe

same for this one (241 files in)
ff88d08c543be7154c24795443024279|everestultimate501.1700.exe

23.03.2010 21:56:52 EVEREST Ultimate Edition 5.01.1700\everestultimate501.1700.exe 241 0 0 Completed
23.03.2010 21:52:50 EVEREST Ultimate Edition 4.60.1500 Free\everestultimate460.exe 228 0 0 Completed

Files may corrupted!

EAV
-{ Quote: "Virus signature database: 4969 (20100323)
Update module: 1031 (20091029)
Antivirus and antispyware scanner module: 1266 (20100312)
Advanced heuristics module: 1101 (20100309)
Archive support module: 1109 (20100316)
Cleaner module: 1048 (20091123)
Anti-Stealth support module: 1017 (20100204)
SysInspector module: 1214 (20100127)
Self-defense support module : 1013 (20100210)
Real-time file system protection module: 1002 (20091207)" }-
FanJ
March 23rd, 2010, 08:16 PM
Hi Brummelchen,

Thanks much!

Let's take the first one.
First the MD5 checksum:

-{ Quote: "
Check hash!
468d69aa5540cd2d233b6015fe5012ed|everestultimate460.exe
" }-

Here is mine:
The file <D:\EVEREST Ultimate Edition\Version 4_60_1500_0\everestultimate460.exe> has the following Checksum(s)
MD5 - 468D69AA5540CD2D233B6015FE5012ED

So we have the same.

But now:
There are inconsistenties with EAV4 on my system which I cannot explain.
Have a look, I scanned the file two times.

1.
First time scanned (right click, Scan with ESET NOD32 Antivirus)

228 objects scanned
nothing found

2.
Second time scanned:
now
229 objects scanned and this warning:

D:\EVEREST Ultimate Edition\Version 4_60_1500_0\everestultimate460.exe » INNO » file0015.bin » UPX v12_m2_dll - unpack error

If you have the explanation....., I don't have it ???
Brummelchen
March 24th, 2010, 01:05 PM
/me kicks request to support ;D
FanJ
March 24th, 2010, 02:03 PM
-{ Quote: "/me kicks request to support ;D" }-

Thanks (to you and Silj and Marcos) !
I have gone back to 2.70.39.
It's either me or some conflicting things on my system.
If and when I have a newer system with Win 7, I might try again.
Thanks again all and so sorry !
siljaline
March 24th, 2010, 03:48 PM
Noted and understood, Jan - best of luck. Sorry to read the new build did not pan out for you.

Greetz,
Cudni
March 24th, 2010, 03:54 PM
although too late now, couldn't you have simple excluded those folders from scanning?
FanJ
March 24th, 2010, 09:21 PM
-{ Quote: "Noted and understood, Jan - best of luck. Sorry to read the new build did not pan out for you.

Greetz," }-

Thanks Randy, and thanks much for your help !


-{ Quote: "although too late now, couldn't you have simple excluded those folders from scanning?" }-

Hi Cudni,
It wasn't the only issue I had.
I had also issues with on-demand scanning of my (huge amount of) Outlook Express emails; see DBX - internal error (5001) (http://www.wilderssecurity.com/showthread.php?t=268184)
stackz
March 24th, 2010, 10:29 PM
Refer to my post in the ESS forum, I've traced the unpack error to hardware based DEP.
siljaline
March 24th, 2010, 10:41 PM
This thread (http://www.wilderssecurity.com/showthread.php?t=268106) for continuity of this thread. Though, I don't quite see the similarity.

-{ Quote: "Refer to my post in the ESS forum, I've traced the unpack error to hardware based DEP." }-
stackz
March 25th, 2010, 12:16 AM
From my initial post:
-{ Quote: "
I've noticed in my scan logs:
*\RegScanner.exe » UPX v13_m2 - unpack error
*\CCommand.exe » UPX v12_m2 - unpack error
" }-

From the initial post in this thread:
-{ Quote: "
I'm getting several warnings on install files with respect to:
UPX v12_m2_dll - unpack error

Some examples:
D:\Acronis\Disk Director Suite\Version 9_0 Build 554\diskdirectorsuite9.0.554_s_en.exe » ZIP » snapapi.dll » UPX v12_m2_dll - unpack error
D:\Acronis\Disk Director Suite\Version 9_0 Build 554\diskdirectorsuite9.0.554_s_en.exe » ZIP » readcd.exe » UPX v12_m2 - unpack error
" }-
They look similar to me. :)
siljaline
March 25th, 2010, 12:51 AM
In retrospect, they do - unless you require assistance with this, with which I can offer no answer, how would you like to proceed ?

We may have to split some threads here to avoid confusion as to who's issue we are attempting to fix.

Regards,
Marcos
March 25th, 2010, 12:54 PM
An updated version of the archive module with the upx glitch fixed is currently being released.
siljaline
March 25th, 2010, 01:14 PM
-{ Quote: "An updated version of the archive module with the upx glitch fixed is currently being released." }-
Which would be:

Archive support module: 1110 (20100325)
FanJ
March 25th, 2010, 09:24 PM
Thanks to ESET and all others involved!
But for now I am back to 2.70.39.
Due to private circumstances I cannot tell when I'll be back and/or even test again.
Take care!

Regards,
FanJ
siljaline
March 25th, 2010, 09:40 PM
Understood, Jan ! Understand your circumstances in reverting to the 2.x build, we hope that it continues to serve you well.

All the best !
FanJ
March 29th, 2010, 10:32 PM
NOD32 2.70.39 is now doing the same.

Example:
D:\EVEREST Ultimate Edition\Version 5_30_1900_0\everestultimate530.exe »INNO »file0016.bin »UPX v12_m2_dll - unpack error

MD5 checksum:
The file <D:\EVEREST Ultimate Edition\Version 5_30_1900_0\everestultimate530.exe> has the following Checksum(s)
MD5 - CBEB65FD1F596A8ED05D767491324B23

It can be downloaded here:
http://www.lavalys.com/products.php?ps=UE&page=10&dlid=35&lang=en

=====

XP-home SP3

NOD32 antivirus system information
Virus signature database version: 4983 (20100329)
Dated: maandag 29 maart 2010
Virus signature database build: 18719

Information on other scanner support parts
Advanced heuristics module version: 1100 (20100309)
Advanced heuristics module build: 1209
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1097 (20100217)
Archive support module build version: 1241

Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.39
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.39
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version: 2.70.39