-
-
Save ryan-weil/8fbcc25f2fbc2fed66af293b5f44a255 to your computer and use it in GitHub Desktop.
Deobfuscator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
Copyright (C) 2011-2015 de4dot@gmail.com | |
This file is part of de4dot. | |
de4dot is free software: you can redistribute it and/or modify | |
it under the terms of the GNU General Public License as published by | |
the Free Software Foundation, either version 3 of the License, or | |
(at your option) any later version. | |
de4dot is distributed in the hope that it will be useful, | |
but WITHOUT ANY WARRANTY; without even the implied warranty of | |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
GNU General Public License for more details. | |
You should have received a copy of the GNU General Public License | |
along with de4dot. If not, see <http://www.gnu.org/licenses/>. | |
*/ | |
using System.Collections.Generic; | |
using de4dot.blocks.cflow; | |
namespace de4dot.code.deobfuscators.AgentTesla | |
{ | |
public class DeobfuscatorInfo : DeobfuscatorInfoBase | |
{ | |
public const string THE_NAME = "AgentTesla Obfuscator"; // Obfuscator name | |
public const string THE_TYPE = "agt"; // Obfuscator short name | |
const string DEFAULT_REGEX = @"(^<.*)|(^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$)"; | |
public DeobfuscatorInfo() | |
: base(DEFAULT_REGEX) { | |
} | |
public override string Name => THE_NAME; | |
public override string Type => THE_TYPE; | |
public override IDeobfuscator CreateDeobfuscator() => | |
new Deobfuscator(new Deobfuscator.Options { | |
RenameResourcesInCode = false, | |
ValidNameRegex = validNameRegex.Get(), | |
}); | |
} | |
public class Deobfuscator : DeobfuscatorBase | |
{ | |
internal class Options : OptionsBase | |
{ | |
} | |
public override string Type => DeobfuscatorInfo.THE_TYPE; | |
public override string TypeLong => DeobfuscatorInfo.THE_NAME; | |
public override string Name => DeobfuscatorInfo.THE_NAME; | |
public override IEnumerable<IBlocksDeobfuscator> BlocksDeobfuscators | |
{ | |
get | |
{ | |
var list = new List<IBlocksDeobfuscator>(); | |
list.Add(new Unflattener(this)); | |
return list; | |
} | |
} | |
internal Deobfuscator(Options options) | |
: base(options) { | |
} | |
protected override void ScanForObfuscator() { | |
} | |
protected override int DetectInternal() { | |
return 0; | |
} | |
public override IEnumerable<int> GetStringDecrypterMethods() => new List<int>(); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment