Packed & Obfuscated Binary Analysis

Malware and protected software routinely pack or obfuscate their code. The binary on disk is not what runs in memory. Understanding packer behaviour — how to detect packing, how to follow the unpacking process, how to dump the unpacked code, and how to approach VM-based obfuscation — is required for analysing any modern malware sample.
