Run the file in dnSpy's debugger. When the breakpoint hits, look at the locals or use the "Invert Call Stack" to read the decrypted plain-text strings directly from memory. B. Fixing Control Flow (Flattening)
confuserex-unpacker-2.exe sample.exe -o cleaned_sample.exe confuserex-unpacker-2
Basic syntax: confuserex-unpacker-2.exe malware.exe output_clean.exe Run the file in dnSpy's debugger
It can trace through messy, "spaghetti" code logic meant to confuse human analysts. confuserex-unpacker-2