I've recently started to delve into the world of malware analysis, and last night while I was taking a break, I received a suspicious link via Steam. I opened a VM to investigate the link and, as expected, it's a random 'image' disguised as a .exe, so using ExeInfo PE, I looked at it briefly. Here's what I've got.
Stat - Zero byte test Diagnose: Packed
Image is 32bit executable Microsoft Visual C# / Basic.NET
Using the unpack info, I grabbed .NET Reflector and installed the Add-In 'FileDisassembler'. When I opened the suspicious .exe, .NET Reflector threw the error 'Module contains multiple #Strings heaps'. Before attempting to diagnose the issue I jumped over to ILSpy to see what that could give me and again, it's giving out nothing.
Being new to this, I'm expecting to have missed something rather obvious and would really appreciate any input on this issue. I'm assuming there's either an issue with the Reflector/ILSpy installs or I'm missing something really obvious about this file which is resulting in decompile errors.
Thanks.
That is because the file (.exe) has been obfuscated. ;)
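Added example, not part of the original post or the reply: a way to confirm the condition that the Reflector error reports, by listing the stream headers in the assembly's CLI metadata root and flagging any heap name that appears more than once. The function names and the sample bytes are constructed for illustration. Finding the root by searching for the `BSJB` signature is a triage shortcut assumed here, instead of walking the PE CLR data directory.

```python
import struct
from collections import Counter

def parse_streams(data: bytes):
    """Return [(name, offset, size), ...] from the first CLI metadata root in data."""
    root = data.find(b"BSJB")  # metadata root signature (ECMA-335 II.24.2.1)
    if root < 0:
        raise ValueError("no CLI metadata root found")
    # Layout: signature(4) major(2) minor(2) reserved(4) version-length(4) version
    (ver_len,) = struct.unpack_from("<I", data, root + 12)
    pos = root + 16 + ((ver_len + 3) & ~3)  # skip the padded version string
    _flags, count = struct.unpack_from("<HH", data, pos)
    pos += 4
    streams = []
    for _ in range(count):
        offset, size = struct.unpack_from("<II", data, pos)
        start = pos + 8
        end = data.index(b"\0", start)  # name is NUL-terminated ASCII
        streams.append((data[start:end].decode("ascii", "replace"), offset, size))
        pos = start + ((end - start + 1 + 3) & ~3)  # name field padded to 4 bytes
    return streams

def duplicate_heaps(streams):
    """Names listed more than once, e.g. ['#Strings'] for the error in the post."""
    counts = Counter(name for name, _, _ in streams)
    return sorted(name for name, n in counts.items() if n > 1)

def build_sample() -> bytes:
    """Constructed metadata root with two #Strings headers (not from a real file)."""
    def hdr(name, off, size):
        raw = name.encode() + b"\0"
        return struct.pack("<II", off, size) + raw + b"\0" * (-len(raw) % 4)
    version = b"v4.0.30319\0\0"  # 12 bytes, already a multiple of 4
    heads = [hdr("#~", 0x6C, 0x100), hdr("#Strings", 0x16C, 0x80),
             hdr("#Strings", 0x1EC, 0x40), hdr("#US", 0x22C, 0x10),
             hdr("#GUID", 0x23C, 0x10), hdr("#Blob", 0x24C, 0x20)]
    root = b"BSJB" + struct.pack("<HHII", 1, 1, 0, len(version)) + version
    return b"MZ" + b"\0" * 62 + root + struct.pack("<HH", 0, len(heads)) + b"".join(heads)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    found = parse_streams(blob)
    for name, off, size in found:
        print(f"{name:<10} offset=0x{off:X} size=0x{size:X}")
    print("duplicate heaps:", duplicate_heaps(found) or "none")
```

Run it inside the analysis VM with the sample's path as the only argument; it only reads the file and never loads or executes it.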