Thread: SMD For Agile
View Single Post
  #18  
Old 05-02-2020, 14:48
CodeCracker CodeCracker is offline
VIP
  
Join Date: Jun 2011
Posts: 466
Rept. Given: 27
Rept. Rcvd 407 Times in 134 Posts
Thanks Given: 21
Thanks Rcvd at 1,889 Times in 359 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
More note on how you deal with Agile:

https://lifeinhex.com/string-decryption-with-de4dot/

For decrypting strings:
de4dot hello-3.exe --strtyp delegate --strtok 0x060004EC

0x060004EC is the string decryption method - you will have to find manually browsing in Reflector/dnspy.

Force to packer unknown on first deobfuscation:
-p un

I don't know why you have to clean that many times until it got it right (1+2):
.... _msil-cleaned-cleaned-cleaned.exe

SimpleMSILDecryptorForAgile will only decryt methods and is not an unvirtualizer.

Still don't understand why SMD For Agile isn't working for some user not even with NetBox 4. For me all worked fine even on different machines.
Reply With Quote
The Following User Says Thank You to CodeCracker For This Useful Post: