What is UPX's best compression method?


I have been trying out different EXE packers recently. I tried out ASPack, UPX, mPress, etc. While trying out half a dozen packers, I observed that most of the packed EXEs can trigger false virus signatures. Even UPX is no exception. Still, my choice is UPX. Can anybody please suggest the best possible compression / packing method available in UPX?

I am quite satisfied with UPX --lzma myEXE.eXE; still, I would love to hear from you people on this. I am not comfortable with UPX --ultra --brute myEXE.EXE, since it eats up hours to do the trick.

Answer by Arnaud Bouchez (best answer)

I used UPX a lot, and there was not a big difference between the versions.

The latest --lzma setting produces very good results, and --ultra --brute is indeed not worth the time spent. At best, a 1% better compression rate... you would do better to subsample your internal bitmaps or refactor the code.

But, especially with Delphi applications, I do not use UPX any more. You spoke about anti-virus software false positives, and it is a huge problem. For instance, it sounds as if some "cheap" anti-virus software introduced very simple (and false) heuristic patterns, like "UPX+Delphi=potential malware" or "Delphi+size<300KB=potential malware".

If you try to submit such executable files to http://virustotal.com, you'll find out that about 8% of the anti-virus engines are making such wrong guesses.

I've seen some of my web sites flagged as "malware URI" because of this. I've seen some customers complaining that my deliveries were infecting their computers. Not worth it.

To reduce the executable size, I therefore rely rather: