Eazfuscator Unpacking
Is it possible to unpack/deobfuscate Eazfuscator?
I searched several boards but found no answer.
bball0002
05-03-2010, 11:55 PM
Post a target exe please.
This is a simple target.
I attached the obfuscated and non-obfuscated program.
http://ul.to/6xrzom
As far as I can see, Eazfuscator replaces strings by integers, which link to decrypted strings in the resources.
It would be great if you can show me how to deobfuscate this assembly.
bball0002
05-04-2010, 03:09 PM
Recovering strings was simple. Just use Simple Assembly Explorer.
Link: http://simple-assembly-explorer.googlecode.com/files/SAE.v1.10.1.7z
All you have to do is right click the app, go to 'deobfuscate', and then uncheck everything except 'Automatic' for strings. App runs fine afterwards.
Here is a package with the deobbed exe also: http://www.sendspace.com/file/5hvp13
rocksmith419
05-06-2010, 06:11 AM
Waiting for the answer too. I also want to ask this question.
bball0002
05-06-2010, 02:47 PM
Did you read any of the thread? I answered the question.
Hello guys,
I would greatly appreciate it if someone could unpack/deob it for me.
It seems to be an assembly packed/obfuscated with Eazfuscator.
Because the target came with the obfuscator "Eazfuscator.NET.exe", which is inside the "resources" folder.
But it shows as "Visual C++" on PEID & PID. :confused:
Then I dumped files with the "NET domain dumper" tool while the application was running. Oh, found 5 files.
And scanned all of them with PID.
But PID said: NET Reactor 3.xx :confused:
So both Eaz & Net Reactor are currently very hard for me :(.
Thank you, guys.
http://www.2shared.com/file/C18AUlP7/SeemsEazfuscatorOrNetReactor.html
DenBrewu
06-20-2010, 10:35 AM
Basically, the normal CrypKey site code has 18 digits.
Sometimes the site codes can be obfuscated and there will be more than 18 digits; this site code was obfuscated.
How do I deobfuscate the site code,
and how do I generate the site key?
Site code: B6B4 CD6A EEBB 68E1 B679 B0B6
Thanks in advance.