Malware Analysis - Unpack and Decompile PyInstaller Malware


We unpack and decompile a malware sample that was written in Python and packaged into an executable with PyInstaller. To do that, we have to fix the header of the main script.
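One way to do the header fix in code rather than in a hex editor, as an added example that is not taken from the video: it assumes the extracted main script is a bare marshalled code object and borrows the header from any other .pyc extracted from the same archive. The function names and the sample data are constructed for illustration.

```python
import importlib.util
import marshal
import struct


def pyc_header_len(magic: bytes) -> int:
    """Header size implied by a 4-byte .pyc magic (2-byte version + CRLF)."""
    if len(magic) < 4 or magic[2:4] != b"\r\n":
        raise ValueError("not a .pyc magic number")
    version = struct.unpack("<H", magic[:2])[0]
    if version >= 20000:   # Python 1.x/2.x (2.7 = 62211): magic + mtime
        return 8
    if version >= 3392:    # PEP 552, Python 3.7+ (3.7 = 3394): magic + flags + mtime + size
        return 16
    if version > 3180:     # newer than Python 3.2 (3.3 = 3230): magic + mtime + size
        return 12
    return 8               # Python 3.0 to 3.2: magic + mtime


def looks_headerless(data: bytes) -> bool:
    """A raw marshalled code object starts with type 'c', optionally with FLAG_REF (0x80)."""
    return len(data) > 4 and data[0] & 0x7F == ord("c") and data[2:4] != b"\r\n"


def fix_header(script: bytes, reference_pyc: bytes) -> bytes:
    """Prepend the header of reference_pyc to a headerless extracted script."""
    if not looks_headerless(script):
        return script      # already has a header, or is not marshalled code: leave as is
    n = pyc_header_len(reference_pyc[:4])
    return reference_pyc[:n] + script


def constructed_sample():
    """Constructed stand-ins for the extracted main script and a sibling .pyc."""
    body = marshal.dumps(compile("answer = 6 * 7", "main", "exec"))
    magic = importlib.util.MAGIC_NUMBER
    filler = b"\0" * (pyc_header_len(magic) - 4)
    reference = magic + filler + marshal.dumps(compile("pass", "lib", "exec"))
    return body, reference


if __name__ == "__main__":
    body, reference = constructed_sample()
    fixed = fix_header(body, reference)
    print("header:", fixed[:pyc_header_len(fixed[:4])].hex())
```

The timestamp and size fields copied from the reference file do not match the main script, which decompilers generally tolerate because they only need the magic number to pick the bytecode version.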

Follow me on Twitter: @struppigel

Previous video about Python decompiling: https://www.youtube.com/watch?v=r6BtA...
Structure of .pyc files: https://nedbatchelder.com/blog/200804...
How to set up Python and Uncompyle6: https://youtu.be/AkrAhUbCod0
Sample VirusBay: https://beta.virusbay.io/sample/brows...
Sample Hybrid-Analysis: https://www.hybrid-analysis.com/sampl...

pyinstxtractor: https://sourceforge.net/projects/pyin...
Easy Python Decompiler: https://sourceforge.net/projects/easy...
PortexAnalyzer: https://github.com/katjahahn/PortEx/t...
HxD: https://mh-nexus.de/en/hxd/



Reviewed by Anonymous on January 17, 2018 Rating: 5