Reverse Engineering [Video] What code is executed before .NET main() and how does malware abuse it


Thread author
Staff Member
Apr 9, 2020
The main() method in .NET applications is considered as the entry point. But it is not the first thing being executed, which is purposefully used to deter reverse engineers. We write Intermediate Language assembly code to find out what is actually executed before main() in a .NET assembly.

00:00 Intro
00:19 Writing a Hello World in IL
02:43 Adding a static constructor
04:28 Adding a module constructor
05:24 ConfuserEx sample abusing module constructor
08:12 Washi - What really is the Entry Point of a .NET Module

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.