0

I would like to statically sign a malware, specifically MSIL Crypter, with a YARA rule. I want to sign specific functions (Assembly.Load for example) but I couldn't find an informative documentation about how to disassemble a .NET binary into CIL which will help me understand which sequence of bytes to sign. Would be glad to get some help with it.

  • 2
    I think this question should be moved to Stackoverflow, and I have voted to have it closed and migrated. Regardless of the scope (malware research), the question is "How do I disassemble a .NET binary?" which is better suitable for SO. Anyway, I will start from a decompiler like Dotpeek, ilSpy, JustDecompile... – usr-local-ΕΨΗΕΛΩΝ Sep 22 '19 at 15:25
  • 2
    Welcome to Security, before I forget. Please, do not consider my request to close the question as a criticism, but rather a way to help you get an answer faster from a community that daily works with programming and disassembling – usr-local-ΕΨΗΕΛΩΝ Sep 22 '19 at 15:25
  • Possible duplicate of [Open Source Alternatives to Reflector?](https://stackoverflow.com/questions/2425973/open-source-alternatives-to-reflector) – riQQ Oct 04 '19 at 13:35

0 Answers0