You should download dnSpy or ILSPy. dnSpy is nicer and it also has a debugger which allows you not only to decompile C#/.NET code, but it even allows you to edit it, rebuild it, place breakpoints and run, etc… If it’s obfuscated, get de4dot and drag the file onto de4dot first, then use dnSpy after.
I recently started working with IDA. I do it as follow:
Start with strings. Helps you find out Unicode and ASCII strings from binary. With wannacry sample I was able to see a potential zip password and potential bitcoin wallet addresses.
Use PEView to figure out the imports and exports. Imports will help you to get and idea about what the malware is trying to do.
Resource hacker can help you extract if anything is there in the resource section. With wannacry I was able to extract a password protected zip file from resource section.
Now I open the file with IDA and start tracking down functions that are calling the interesting imports listed down using PEView. Normally the binary will contain hell lot of functions and you cannot go through each and every function and you should not. Once you track down interesting functions, you can analyse them and rename them according to your understanding.
Once you are done with it, you can look at the function calls tree in IDA that can them reveal what a program is trying to do.
I’m pretty new to this. Suggestions and corrections are welcome.