Some services like virustotal detect common packers and try to unpack the executable before running a yara during a livehunt
For example the upx packer has a feature to unpack: upx -d {{path/to/file}}
There is some online service you can try to unpack:
- https://www.unpac.me/#/![[file investigation.canvas]]