OALabs

Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)

Update: 2018-04-29

Description

Open Analysis Live! We use the IDA Pro debugger and some API hooks to unpack a Visual Basic (VB6) packed sample and demonstrate a few tricks along the way. This is a re-uploaded classic from our old channel. Expand the description for more details...

Go check out this fantastic blog post from @R3MRUM on unpacking VB5 packers; it's worth the click!
https://r3mrum.wordpress.com/2017/06/07/defeating-the-vb5-packer/

This is also a great presentation (video) from Jurriaan Bremer & Marion Marschalek with some additional background on VB6:
https://www.youtube.com/watch?v=RiBdm668lAk

VB6 packed malware sample:
SHA256: fc4f695752f8eb20b17689e60a7161a43665fa3455dc379aeb2a251838eb4da6
https://malshare.com/sample.php?action=detail&hash=e5e8b3f740dc41ef00d397f46debc867

Unpacked payload (note this is also packed, we don't demonstrate how to unpack this in the video):
SHA256: e5e463196d360df14b1bd6e8bc67836cc9d6a78a92d3ded67ca5713788643d22
https://malshare.com/sample.php?action=detail&hash=eebd3f633ea14a4144597bf496e45aeb

Feedback, questions, and suggestions are always welcome : )

Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net