How about an executable in its unpacked state?

Now that we have an executable file from Volatility, running this back in our Windows guest sandbox gives us the following message:

Remember that the packed executable has its own PE header and stub and not that of the original host's. The header, stub and compressed data were directly mapped to the process space. Every API function was dynamically imported. Even with the code and data decompressed, the entry point set in the header is still of the packed executables and not of the original hosts.  

Fortunately, x86dbg has a plugin known as Scylla. After reaching the original entry point, which ...

Get Mastering Reverse Engineering now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.