Byte code decompilers

Malware does not discriminate: it makes an effort to infect whatever platform or technology suits its goal. In terms of malicious vectors, .NET assemblies, Java jar executables, Visual Basic executables (both P-Code and Native Code), and Delphi executables are all widely used by many kinds of malware.

VB code is particularly well suited to thwarting reverse engineering, because every call goes through a single point of contact: the Visual Basic runtime DLL. Additionally, VB comes in two flavors. P-Code (pseudo code) can be analyzed and its source code decompiled to a degree. Native Code presents the familiar problems of decompilation technology, so only analysis is a realistic expectation, not full source code recovery. https://www.vb-decompiler.org/ is the best VB decompiler as of now.

.NET is a relatively well-researched and documented technology, and a bevy of decompilers exist for it. Decompiled listings of the Intermediate Language (IL) can be recompiled straight back into source code. Obfuscation does exist; it scrambles strings and gives function names and variable symbols ambiguous names, which further discourages reverse engineering and can defeat decompilation as well. Most of the tools in the following list are of the drag-and-drop kind. They give a byte code or intermediate language textual representation along with the rich metadata, which results in quite a good source code representation of the target binary.

Delphi files can be successfully decompiled using DeDe, the Delphi decompiler tool.

Java jar files, which are zip files, and the .class format are very well documented. Reverse engineering Java files has boiled down to a specific set of mappings that enable a very high degree of source code recovery from compiled Java executables. Jad (Java decompiler, available at http://jd.benow.ca/) is one of the best decompilers for Java. Java decompilers are also useful for Android malware analysis, as Android binaries are essentially Java .class files re-structured into a single .dex file, which sits inside a zip file renamed as a .apk package. For a more detailed account of this process in book form, see Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering by Alex Kalinovsky.
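Before choosing a decompiler, an analyst first has to establish which byte code format a sample carries. The following Python helper is an added example (not code from the book or from any tool named above) that applies the container facts just described: it opens a jar/apk-style zip in memory, checks each member for the Java class-file magic (CAFEBABE plus version numbers) or the dex header prefix, and labels the archive accordingly. The sample archives it builds are constructed in memory purely for illustration.

```python
import io
import struct
import zipfile

# Java class files begin with 0xCAFEBABE followed by minor and major version.
JAVA_CLASS_MAGIC = b"\xca\xfe\xba\xbe"
# Android dex files begin with "dex\n" followed by a 3-digit version and NUL.
DEX_MAGIC_PREFIX = b"dex\n"


def classify_blob(data):
    """Label the first bytes of one archive member by its byte code format."""
    if data.startswith(JAVA_CLASS_MAGIC) and len(data) >= 8:
        minor, major = struct.unpack(">HH", data[4:8])
        return "java-class (major %d, minor %d)" % (major, minor)
    if data.startswith(DEX_MAGIC_PREFIX) and len(data) >= 8:
        return "dex (version %s)" % data[4:7].decode("ascii", "replace")
    return "other"


def triage_archive(blob):
    """Classify a zip container as jar, apk or plain zip from its members."""
    if not blob.startswith(b"PK\x03\x04"):
        return {"container": "not-zip", "members": {}}
    members = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                members[info.filename] = classify_blob(member.read(8))
    kinds = set(members.values())
    if any(k.startswith("dex") for k in kinds):
        container = "apk"          # dex inside a zip: Android package
    elif any(k.startswith("java-class") for k in kinds):
        container = "jar"          # class files inside a zip: Java archive
    else:
        container = "zip"
    return {"container": container, "members": members}


def build_sample(kind):
    """Constructed sample archive (not real malware) for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if kind == "jar":  # minor 0, major 52 is the Java 8 class-file version
            header = JAVA_CLASS_MAGIC + struct.pack(">HH", 0, 52)
            zf.writestr("com/example/Main.class", header + b"\x00" * 8)
        else:
            zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8)
    return buf.getvalue()
```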
