Hey guys! I just released a tool named ✨ pydotNetCLI ✨ that makes my life easier when extracting resource files from dotNet malware samples. As we know, dotNet resource files are stored inside the dotNet CLI header, not in the .rsrc section of the PE file. In this initial version, I am focusing only on resource extraction, and hopefully I will add more header information or functions if time allows.
The initial intention of this tool was just to improve my understanding of the dotNet CLI header structure, but it ended up as a resource extractor 🤣.
I will write an explanation of how I parse it in the next blog post!
Next blog post over HERE!!
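To illustrate the point above about resources being reached through the CLI header and not the .rsrc section, here is an added example (not pydotNetCLI's code and not from the original post) that walks PE data directory 14 to the IMAGE_COR20_HEADER and returns the managed-resources blob. The function names and the sample image built by `build_sample` are constructed for this illustration; the sample assumes a single embedded resource stored as a 4-byte length followed by its data.

```python
import struct

def rva_to_offset(sections, rva):
    """Map an RVA to a file offset using (vaddr, vsize, raw_ptr, raw_size) tuples."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not inside any section")

def cli_resources(pe: bytes) -> bytes:
    """Return the managed-resources blob that the CLI (COR20) header points to."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                         # optional header start
    dir_off = {0x10B: 96, 0x20B: 112}.get(struct.unpack_from("<H", pe, opt)[0])
    if dir_off is None:
        raise ValueError("unknown optional header magic")
    # Data directory 14 is the CLR runtime (CLI) header; directory 2 is .rsrc.
    clr_rva, _ = struct.unpack_from("<II", pe, opt + dir_off + 14 * 8)
    if clr_rva == 0:
        raise ValueError("no CLI header: not a .NET assembly")
    sections = []
    for i in range(nsect):
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<IIII", pe, opt + opt_size + i * 40 + 8)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    cor20 = rva_to_offset(sections, clr_rva)
    # IMAGE_COR20_HEADER: the Resources directory (RVA, size) sits at offset 24.
    res_rva, res_size = struct.unpack_from("<II", pe, cor20 + 24)
    if res_rva == 0:
        return b""
    start = rva_to_offset(sections, res_rva)
    return pe[start:start + res_size]

def build_sample(payload: bytes) -> bytes:
    """Constructed minimal PE32 image with one section and one embedded resource."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xHH", buf, 0x84, 0x14C, 1, 224, 0x2102)
    struct.pack_into("<H", buf, 0x98, 0x10B)                   # PE32 magic
    struct.pack_into("<II", buf, 0x98 + 96 + 14 * 8, 0x2000, 72)
    struct.pack_into("<8sIIII", buf, 0x178, b".text", 0x200, 0x2000, 0x200, 0x200)
    blob = struct.pack("<I", len(payload)) + payload           # length-prefixed entry
    struct.pack_into("<I20xII", buf, 0x200, 72, 0x2048, len(blob))  # cb, Resources
    buf[0x248:0x248 + len(blob)] = blob
    return bytes(buf)
```

Running `cli_resources` on a file that has no CLI header raises `ValueError`, which is a quick way to separate native PE samples from .NET ones before attempting extraction.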