
Hello,

I have an exe file that I am trying to deobfuscate and debug using dnSpy. The exe file was written in C# and was obfuscated with an unknown obfuscator according to de4dot! I tried all the methods I know to proceed, but still I was not able to fully deobfuscate it.


Analysing the File

- Exeinfo PE

I tried to analyse the file with Exeinfo PE to check which obfuscator was used, but I only got [obfus/crypted].

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 [ Obfus/Crypted- StrongName set ] - EP Token : 06000080 , Overlay : 403900... Nothing discovered


- Dnspy

I opened the file in dnSpy, but the code wasn't readable; in particular, the method and function names are in Unicode form.



My Attempts:

  1. Tried to deobfuscate the file with de4dot, but I get "Detected Unknown Obfuscator" followed by an error.
  2. Tried a modded version of de4dot, and I was able to deobfuscate the exe, but all functions are shown as "delegate". The exe file was detected as "Unknown Obfuscator" as well, but it managed to clean it.
  3. Tried to debug the cleaned version, but when I start dnSpy I get an exception (System.NullReferenceException).

My Questions:

  1. Which obfuscator was used?
  2. Why are all functions defined as "delegate"?
  3. Why did I get the null exception while debugging?

Thanks...


UPDATE 20/08/2020

While looking through the code, I found that all "delegate" calls refer to a function which takes an integer, but I couldn't find any obvious return from this function. I do think it returns the function and method name, but... HOW!!


  • I do not know which one specifically, but perhaps one of the deobfuscators aside from de4dot can help? - https://github.com/NotPrab/.NET-Deobfuscator – Col-E Aug 20 '20 at 05:49
  • Thanks, but still I haven't accomplished anything with the list, but it's a really good list to keep.. I appreciate it. – mo5br Aug 20 '20 at 20:15
  • I have the same problem, I have tried many tools, but after deobfuscation, the program doesn't work – mike bria Dec 01 '21 at 07:50
  • Can you take a TTD trace of the app launching? https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-overview This could be used to analyze what is going on, but it may or may not work, and needs some familiarity with windbg and the sos/sosex extensions to use effectively – chentiangemalc Apr 27 '22 at 07:51
  • This looks like a crypto obfuscator assembly, get in touch with me and i might be able to run a tool i developed to deob this kind of obfuscated code. – Mastercodeon Apr 27 '22 at 07:36
  • Welcome to RE.SE. This is a stack exchange site and not a forum - This section should only be used to post answers. I'm marking this post as "Not an Answer". – sudhackar Apr 28 '22 at 08:37
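The pattern the asker describes in the update (every call goes through a "delegate" field, and the field is filled in by a method that takes an integer and appears to return nothing) is the general shape of proxy-delegate obfuscation. The following is an added illustration of that pattern, written for this page; it is not code from the asker's binary, from de4dot, or from any obfuscator named here. The class and field names, the two target methods and the packed-integer encoding are all constructed; real obfuscators use their own encodings, often combined with string or array lookups.

```csharp
using System;
using System.Reflection;

// The methods an obfuscated call site is ultimately meant to reach
// (constructed for this example).
static class Targets
{
    public static int Add(int a, int b) => a + b;
    public static string Greet(string name) => "Hello, " + name;
}

// What proxy-delegate obfuscation leaves behind: static delegate fields
// with meaningless names, filled in by a resolver while the type initializes.
static class Proxies
{
    public static Func<int, int, int> d0;
    public static Func<string, string> d1;

    // Packed-integer encoding used by this illustration (constructed, not
    // any particular obfuscator's scheme): bits 24-31 hold the proxy field
    // index, bits 0-23 the row id of the target in the MethodDef table (0x06).
    static int Pack(int fieldIndex, MethodInfo target)
        => (fieldIndex << 24) | (target.MetadataToken & 0x00FFFFFF);

    static Proxies()
    {
        Resolve(Pack(0, typeof(Targets).GetMethod(nameof(Targets.Add))));
        Resolve(Pack(1, typeof(Targets).GetMethod(nameof(Targets.Greet))));
    }

    // The "function that takes an integer": it returns nothing. Its only
    // effect is writing a delegate into a static field through reflection,
    // which is why no return value is visible at the call site.
    static void Resolve(int packed)
    {
        int fieldIndex = packed >> 24;
        int token = 0x06000000 | (packed & 0x00FFFFFF);

        // Metadata token -> MethodInfo of the real target in this module.
        MethodInfo target = (MethodInfo)typeof(Proxies).Module.ResolveMethod(token);
        FieldInfo field = typeof(Proxies).GetField("d" + fieldIndex,
            BindingFlags.Public | BindingFlags.Static);
        field.SetValue(null, Delegate.CreateDelegate(field.FieldType, target));
    }
}

static class Program
{
    // Analyst-side helper: read each proxy field after initialization and map
    // it back to the real method, which is what makes the call sites readable.
    static void DumpProxyMap(Type proxyType)
    {
        foreach (FieldInfo f in proxyType.GetFields(BindingFlags.Public | BindingFlags.Static))
        {
            if (f.GetValue(null) is Delegate d)
                Console.WriteLine($"{f.Name} -> {d.Method.DeclaringType.FullName}::{d.Method.Name}");
        }
    }

    static void Main()
    {
        // Obfuscated call sites: nothing here names Add or Greet.
        Console.WriteLine(Proxies.d0(2, 3));
        Console.WriteLine(Proxies.d1("analyst"));
        DumpProxyMap(typeof(Proxies));
    }
}
```

Running this prints the two call results and then one line per proxy field naming the method it was bound to, which is the mapping an analyst wants when reading "delegate" call sites. Two general points follow from the pattern: the integer handed to the resolver identifies the target (here via a metadata token), so the "return value" the asker is looking for is the delegate written into the static field rather than anything returned to the caller; and if a cleaning tool strips the resolver or the type initializer that calls it, the proxy fields stay null and the first call through one of them throws a NullReferenceException. Whether that is what happened to the asker's cleaned binary cannot be determined from this page, but it is a cheap thing to rule out by breaking on the type initializer before the crash.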
