NsPack is a commercial packer sold by North Star Software. NsPack is quite a common packer used in malware, with the packing usually done with cracked and pirated versions of the software. When taking a look at the entrypoint of NsPack we see a jmp command followed with pushf and pusha:
So, once again let’s look for matching series of popa and popf:
Set a breakpoint on the jmp command, and press F9 to run to the target. Singlestep through it, and you’ll find yourself at the original entrypoint. Just dump the memory image and you’re ready to analyze.