Focus on runtime tracing. Set breakpoints on key APIs (registry, file, network) and let the protected software run. You don’t need a clean unpack to understand malicious behavior.
You must target a specific version of Virbox. The VM handlers change with every minor update. Your unpacker will break next week.
The program runs but exits immediately. Cause: You missed a licensing check inside the VM. The code calls ExitProcess from within the virtualized section. Solution: Set a breakpoint on ExitProcess at the very beginning. When hit, backtrack to the virtualized code and patch the conditional jump (usually a jnz or jz leading to the VM exit).
push 0x1A3F call 0x0BFA3020 That call jumps into the Virbox VM handler. Inside the VM, there are no standard opcodes. Unpacking does not restore these functions to x86 code.