Skip to content

lowlevel01/deGremlin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
images
images
 
 
obj
obj
 
 
LICENSE
LICENSE
 
 
Program.cs
Program.cs
 
 
README.md
README.md
 
 
Utils.cs
Utils.cs
 
 
degremlin.csproj
degremlin.csproj
 
 

Repository files navigation

deGremlin

A tool to decrypt and patch strings obfuscated with Appfuscator. Tested on Gremlin Stealer.

Clown

USAGE


       __          ______                              __    _
      |  ]       .' ___  |                            [  |  (_)
  .--.| | .---. / .'   \_| _ .--.  .---.  _ .--..--.   | |  __   _ .--.
/ /'`\' |/ /__\\| |   ____[ `/'`\]/ /__\\[ `.-. .-. |  | | [  | [ `.-. |
| \__/  || \__.,\ `.___]  || |    | \__., | | | | | |  | |  | |  | | | |
 '.__.;__]'.__.' `._____.'[___]    '.__.'[___||__||__][___][___][___||__]
                                                                        P.S: little bit Appfuscator

Usage:
degremlin.exe [filepath] [method_token_in_hex]

Example

This is from the Gremlin Stealer sample

IT DOES

  • Patch most obfuscated strings
  • Simplify Addition and XOR mixed boolean arithmetic
  • Eliminate sizeof's
  • Eliminate EmptyType

TO-DO

  • Patch terneary operator
  • Cover more patterns

About

Decrypt and Patch strings obfuscated with Appfuscator. Tested on Gremlin Stealer.

Topics

deobfuscator appfuscator gremlin-stealer

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v0.0.1 beta Latest
Jul 2, 2025

Packages

No packages published

Languages