[Vesalius]

Why is finding OEP simpler with UPX and more difficult with other specimens?
How much more difficult is it with other malware, that use other things other than UPX, and what are some examples of them?

What is the main function of OEP ?

[R136a1]

OEP stands for original entry point and describes the entry point of the (original) unpacked file. When you open a packed file in a debugger/disassembler, you're at the entry point of the packed version. When you manage to unpack it you should be at the OEP.

UPX is simple to unpack because it's meant to be a pure packer to shrink PE files. It's not meant to by used by malware to protect their stuff from reversing. It doesn't have any protecting features like junk code, anti debugging, etc.