4.1 Manual Unpacking

To manually unpack a binary that has been packed with a packer, we normally perform the following general steps:

  1. The first step is to identify the OEP. As mentioned previously, when a packed binary is executed, the stub extracts the original binary in memory and, at some point, transfers control to the original entry point (OEP): the address of the first instruction of the original, unpacked program, where the malicious code begins. In this step, we identify the instruction in the packed binary that jumps to (leads us to) the OEP.
  2. The next step is to execute the program until the OEP is reached; the idea is to let the stub unpack the malware in memory and to pause execution at the OEP, before any of the malicious code runs.
  3. The third step is to dump the unpacked process from memory to disk.
  4. The final step is to fix the Import Address Table (IAT) of the dumped file, so that the dumped executable resolves its imports correctly when it is loaded and analyzed.

In the next few sections, we will look at these steps in detail. To demonstrate these concepts, we will use a malware sample packed with the UPX packer (https://upx.github.io/). The tools and techniques covered in the next few sections should give you an idea of the manual unpacking process.
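As an added illustration of steps 1 and 3 (this is example code written for this section, not code from the book or from UPX), the following Python script parses the PE section table, flags the layout a UPX-packed file typically shows (the entry point sits inside UPX1, while UPX0 has a SizeOfRawData of 0 and is only filled by the stub at run time), and then applies the fix-up a raw memory dump needs before a PE loader will accept it from disk: the entry point is rewritten to the OEP and each section's file offset and raw size are set to match its memory layout. The PE image it operates on is constructed inline and is not a real sample; the section names, RVAs and the OEP value 0x1234 are assumptions chosen for the demonstration. IAT repair (step 4) is not shown here.

```python
import struct


def nt_headers_offset(image):
    """Return the offset of IMAGE_NT_HEADERS (e_lfanew) after checking both signatures."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew


def entry_point(image):
    """AddressOfEntryPoint (an RVA), at offset 16 of the optional header."""
    return struct.unpack_from("<I", image, nt_headers_offset(image) + 24 + 16)[0]


def parse_sections(image):
    """One dict per IMAGE_SECTION_HEADER: name, VirtualAddress, sizes, raw pointer, header offset."""
    pe = nt_headers_offset(image)
    num_sections = struct.unpack_from("<H", image, pe + 6)[0]
    size_opt = struct.unpack_from("<H", image, pe + 20)[0]
    table = pe + 24 + size_opt          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw_size": raw_size, "raw_ptr": raw_ptr, "hdr_off": off})
    return sections


def section_for_rva(image, rva):
    """Section whose virtual range contains rva, or None."""
    for s in parse_sections(image):
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def rva_to_file_offset(image, rva):
    """Map an RVA to a file offset via the section table; None when no file data backs it."""
    s = section_for_rva(image, rva)
    if s is None or rva - s["va"] >= s["raw_size"]:
        return None
    return s["raw_ptr"] + (rva - s["va"])


def packer_indicators(image):
    """Step 1 triage: the section holding the entry point (the stub) and any section that has
    virtual space but no file data (where the stub will write the unpacked code)."""
    ep = entry_point(image)
    ep_sec = section_for_rva(image, ep)
    hollow = [s["name"] for s in parse_sections(image) if s["raw_size"] == 0 and s["vsize"] > 0]
    return {"entry_point": ep, "ep_section": ep_sec["name"] if ep_sec else None, "unpack_targets": hollow}


def fix_dumped_image(image, oep_rva):
    """Step 3 fix-up for a memory dump laid out by virtual address: set AddressOfEntryPoint to the
    OEP and make PointerToRawData = VirtualAddress, SizeOfRawData = VirtualSize rounded up to
    SectionAlignment, so file offsets equal RVAs and the unpacked code in UPX0 is kept on disk."""
    img = bytearray(image)
    pe = nt_headers_offset(img)
    sec_align = struct.unpack_from("<I", img, pe + 24 + 32)[0]
    struct.pack_into("<I", img, pe + 24 + 16, oep_rva)    # AddressOfEntryPoint -> OEP
    struct.pack_into("<I", img, pe + 24 + 36, sec_align)  # FileAlignment now equals SectionAlignment
    for s in parse_sections(img):
        aligned = min(-(-s["vsize"] // sec_align) * sec_align, len(img) - s["va"])
        struct.pack_into("<I", img, s["hdr_off"] + 16, aligned)  # SizeOfRawData
        struct.pack_into("<I", img, s["hdr_off"] + 20, s["va"])  # PointerToRawData
    return bytes(img)


def build_sample_image():
    """Constructed sample (not a real binary): a PE32 image as it would look in process memory
    after a UPX-style stub has unpacked itself into UPX0. Names, RVAs and the OEP are assumptions."""
    sec_align, img_size, pe = 0x1000, 0x6000, 0x80
    img = bytearray(img_size)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, pe)
    img[pe:pe + 4] = b"PE\0\0"
    # IMAGE_FILE_HEADER: i386, 3 sections, SizeOfOptionalHeader=224, EXECUTABLE_IMAGE|32BIT_MACHINE
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, 3, 0, 0, 0, 224, 0x0102)
    opt = pe + 24
    struct.pack_into("<H", img, opt, 0x10B)           # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x4A00)     # AddressOfEntryPoint -> packer stub in UPX1
    struct.pack_into("<I", img, opt + 28, 0x400000)   # ImageBase
    struct.pack_into("<I", img, opt + 32, sec_align)  # SectionAlignment
    struct.pack_into("<I", img, opt + 36, 0x200)      # FileAlignment (on-disk layout)
    struct.pack_into("<I", img, opt + 56, img_size)   # SizeOfImage
    struct.pack_into("<I", img, opt + 60, 0x400)      # SizeOfHeaders
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b"UPX0", 0x3000, 0x1000, 0x0, 0x400, 0xE0000080),   # no file data: filled at run time
        (b"UPX1", 0x1000, 0x4000, 0x600, 0x400, 0xE0000040),  # compressed data + stub
        (b".rsrc", 0x1000, 0x5000, 0x200, 0xA00, 0xC0000040),
    ]
    for i, (name, vsize, va, raw_size, raw_ptr, chars) in enumerate(sections):
        struct.pack_into("<8sIIIIIIHHI", img, opt + 224 + i * 40,
                         name, vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, chars)
    img[0x1000:0x4000] = b"\x90" * 0x3000   # "unpacked" code now resident in UPX0
    img[0x1234:0x1237] = b"\x55\x8B\xEC"    # pretend OEP: push ebp / mov ebp, esp
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_image()
    print(packer_indicators(sample))
    print(parse_sections(fix_dumped_image(sample, 0x1234)))
```

Run against the constructed image, `packer_indicators` reports the entry point in UPX1 and UPX0 as the section the stub fills; before the fix-up, `rva_to_file_offset` cannot map the OEP to any file data at all, because UPX0 has no raw bytes, which is exactly why a dump written without adjusting the section headers loses the unpacked code. On a real dump from a debugger the same header rewrite is what dumping tools perform for you.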
