De4dot

From aldeid
Jump to navigation Jump to search

Description

.NET deobfuscator and unpacker.

Installation

Download links:

Examples

C:\_malware\de4dot>de4dot.exe ..\YUSoMeta.exe

de4dot v3.1.41592.3405 Copyright (C) 2011-2014 [email protected]
Latest version and source code: https://github.com/0xd4d/de4dot
21 deobfuscator modules loaded!

Detected SmartAssembly 6.9.0.114 (C:\_malware\YUSoMeta.exe)
Cleaning C:\_malware\YUSoMeta.exe
Renaming all obfuscated symbols
Saving C:\_malware\YUSoMeta-cleaned.exe

de4dot won't be able to unpack/deobfuscate Confuser packer and you will have to go through a long manual process as decribed here: http://www.scribd.com/doc/207710371/NET-Decrypt-Confuser-1-9-Methods

C:\_malware\de4dot-v3-1>de4dot.exe "..\Reverse Me! 4.exe"

Latest version and source code: http://www.de4dot.com/
21 deobfuscator modules loaded!

Detected Confuser (not supported) (C:\_malware\Reverse Me! 4.exe)
Cleaning C:\_malware\Reverse Me! 4.exe
Renaming all obfuscated symbols
Saving C:\_malware\Reverse Me! 4-cleaned.exe