There is an impressive number of commercial obfuscators for Java available on the market at the moment. As for malware, many samples use either cracked versions or demo and leaked licences. An example is the Allatori Obfuscator, which is misused by Adwind RAT.
When the obfuscator's name is confirmed (for example, by unique strings), it generally makes sense to check whether any of the existing deobfuscation tools support it. Here are some of them:
- Java Deobfuscator (https://github.com/java-deobfuscator/): A versatile project that supports a decent number of commercial protectors
- JMD: A Java bytecode analysis and deobfuscation tool that is able to remove obfuscation implemented by multiple well-known protectors
- Java DeObfuscator (JDO): A general-purpose deobfuscator that implements several universal techniques, such as renaming obfuscated values to be unique and indicative of their data type
- jrename: Another universal deobfuscator that...
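
Confirming the obfuscator by unique strings, before picking a tool from the list above, can be scripted for triage. The following is an added example, not code from the original text or from any of the listed projects: it reads the constant pool of every class in a JAR and matches the strings against a marker table. The `ALLATORIxDEMO` marker (the identifier left behind by Allatori demo builds) is not taken from this page, and the function names and the sample JAR are constructed for illustration.

```python
import io, struct, zipfile

# Marker string -> obfuscator. "ALLATORIxDEMO" is the identifier Allatori demo
# builds leave in renamed members; add other strings once you have confirmed them.
MARKERS = {"ALLATORIxDEMO": "Allatori (demo)"}

# Fixed payload sizes per constant-pool tag (JVMS 4.4); tag 1 (Utf8) is variable.
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def utf8_constants(data):
    """Yield every CONSTANT_Utf8 string from one .class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    (count,) = struct.unpack_from(">H", data, 8)
    pos, index = 10, 1
    while index < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:
            (length,) = struct.unpack_from(">H", data, pos)
            yield data[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            pos += 2 + length
        else:
            pos += SIZES[tag]                # KeyError on an unknown tag
        index += 2 if tag in (5, 6) else 1   # Long/Double occupy two slots

def identify(jar_bytes):
    """Return {obfuscator name: [class entries containing its marker]}."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in (n for n in jar.namelist() if n.endswith(".class")):
            try:
                strings = list(utf8_constants(jar.read(name)))
            except (ValueError, KeyError, IndexError, struct.error):
                continue   # malformed or deliberately broken class: skip it
            for marker, tool in MARKERS.items():
                if any(marker in s for s in strings):
                    hits.setdefault(tool, []).append(name)
    return hits

def sample_jar():
    """Constructed sample: one class (header and constant pool only) plus a text file."""
    pool = b"\x05" + bytes(8) + b"\x01" + struct.pack(">H", 13) + b"ALLATORIxDEMO"
    cls = b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 4) + pool
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("a/a.class", cls)
        jar.writestr("README.txt", "ALLATORIxDEMO")   # non-class entry, ignored
    return buf.getvalue()
```

The parser never loads or executes the classes, so it is safe to run on untrusted samples; a hit only suggests which deobfuscator to try first and should be confirmed in a decompiler.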