A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #33190  by Vesalius
 Sun Sep 15, 2019 1:34 pm
Why is finding OEP simpler with UPX and more difficult with other specimens?
How much more difficult is it with other malware that uses things other than UPX, and what are some examples of them?

What is the main function of OEP?
 #33192  by R136a1
 Thu Sep 19, 2019 7:38 am
OEP stands for original entry point and describes the entry point of the (original) unpacked file. When you open a packed file in a debugger/disassembler, you're at the entry point of the packed version. When you manage to unpack it you should be at the OEP.

UPX is simple to unpack because it's meant to be a pure packer to shrink PE files. It's not meant to be used by malware to protect their stuff from reversing. It doesn't have any protecting features like junk code, anti-debugging, etc.
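
Added example, not part of the original posts: a small Python parser showing that the entry point stored in a packed file's PE header belongs to the packer stub, not to the original program. The header bytes are constructed for illustration, and the section names `UPX0`/`UPX1` assume an unmodified UPX build (they can be renamed).

```python
import struct

def entry_point_info(data: bytes) -> dict:
    """Return the header entry point RVA and the section that contains it."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (ep_rva,) = struct.unpack_from("<I", data, opt + 16)    # AddressOfEntryPoint
    table = opt + opt_size                                  # section table start
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        sections.append((name, vaddr, vsize))
    ep_section = next((n for n, va, vs in sections if va <= ep_rva < va + vs), None)
    return {
        "ep_rva": ep_rva,
        "ep_section": ep_section,
        # Heuristic only: default UPX section names (assumption, easily renamed).
        "upx_sections": any(n.startswith("UPX") for n, _, _ in sections),
    }

def build_sample() -> bytes:
    """Constructed PE headers laid out like a UPX-packed file (no real code)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x0102)
    # Entry point 0x8000 falls inside UPX1, where the unpacking stub lives.
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x8000).ljust(0xE0, b"\0")
    secs = b"".join(
        struct.pack("<8sII", name, vsize, vaddr).ljust(40, b"\0")
        for name, vaddr, vsize in [(b"UPX0", 0x1000, 0x6000),
                                   (b"UPX1", 0x7000, 0x2000),
                                   (b".rsrc", 0x9000, 0x1000)]
    )
    return dos + b"PE\0\0" + coff + opt + secs

if __name__ == "__main__":
    print(entry_point_info(build_sample()))
```

The OEP itself is not recorded anywhere in these headers; it only becomes visible once the stub has finished unpacking and transfers control to the original code.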