Over the past year-or-so, there seems to have been an uptick of miscreants password protecting the malicious office documents that they send to their target victims. They do this in an effort to bypass detection and thwart analysis. This blog details a few different tools and methodologies that can be used to analyze such files.
In this post, I provide step-by-step instruction on how to unpack an executable that has been packed with a VB5 Packer. I will also cover the bypassing of multiple anti-analaysis controls that were implemented by the packer. The result is a fully functional unpacked executable.