CLICK HERE >> https://urllio.com/2tlyoq
Dump that exe from runtime using jitDumper3/MegaDumper ( the output will be .NET insted of c++) , And then use your dumped file with de4dot (or Fix the dumped exe which has invalid metadatas! You might try \"universal fixer\" for that.
The DLL is a simple injector based on .NET. The DLL is usually obfuscated with .NET Reactor which can be easily deobfuscated using de4dot. There is only one exported method that takes the two arguments mentioned above and deploys the malware payload into the target process.
de4dot is a wonderful tool for deobfuscating known and unknown .NET protections. Dealing with known and supported protections is easy - drag&drop executable on de4dot and it will create deobfuscated assembly. Removing unknown protections is a little bit harder and requires supplying correct command-line parameters to de4dot.
If you check de4dot help, you'll see that you need to supply 2 command line options for a string decryption to work. First, you need to choose a string decrypter type using --strtyp option: static, delegate, emulate. Then you need to tell de4dot which is string decrypter method using --strtok option.
In this article explained how to use de4dot to decrypt strings in any .NET assembly, including some lesser known options. Hope this helps you next time you encounter .NET protection that's not directly supported by de4dot. smile
Because of simplicity of decompiling programs created for .NET Framework, many security tools were created, of course we are talking here about obfuscators that remove meta data from compiled programs, are able to modify IL code, encrypt text strings etc. If we come across such a program, we should familiarize ourselves with de4dot deobfuscator, that is able to automatically remove protections used by dozens of obfuscator types.
Free alternative for commercial.NET Reflector developed by Telerik known for UI components. Free doesn't mean worse, it has built-in reference search engine, generating projects from decompiled sources ability as well as support for plugins, including de4dot deobfuscator plugin. 59ce067264