Malware Analysis - Unpack and Decompile PyInstaller Malware
We unpack and decompile a malware sample that was written in Python and turned into an executable with PyInstaller. To do that, we have to fix the header of the main script.
Follow me on Twitter: @struppigel
Previous video about Python decompiling: https://www.youtube.com/watch?v=r6BtA...
Structure of .pyc files: https://nedbatchelder.com/blog/200804...
How to set up Python and Uncompyle6: https://youtu.be/AkrAhUbCod0
Sample VirusBay: https://beta.virusbay.io/sample/brows...
Sample Hybrid-Analysis: https://www.hybrid-analysis.com/sampl...
pyinstxtractor: https://sourceforge.net/projects/pyin...
Easy Python Decompiler: https://sourceforge.net/projects/easy...
PortexAnalyzer: https://github.com/katjahahn/PortEx/t...
HxD: https://mh-nexus.de/en/hxd/
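
The header fix mentioned in the description, as an added example that is not taken from the video: it assumes the missing header is borrowed from another .pyc built by the same interpreter (for instance one extracted from the same archive). The function names are hypothetical and the sample bytes are constructed.

```python
import importlib.util
import marshal
import struct

TYPE_CODE = 0x63  # marshal type byte 'c'; Python 3.4+ may OR in FLAG_REF (0x80)

def pyc_header_len(magic: bytes) -> int:
    """Header size implied by a 4-byte .pyc magic (release interpreters)."""
    if len(magic) != 4 or magic[2:] != b"\r\n":
        raise ValueError("not a .pyc magic number")
    n = struct.unpack("<H", magic[:2])[0]
    if n >= 20000:   # Python 1.5 - 2.7: magic + mtime
        return 8
    if n >= 3392:    # Python 3.7+ (PEP 552): magic + flags + mtime + size
        return 16
    if n >= 3210:    # Python 3.3 - 3.6: magic + mtime + size
        return 12
    return 8         # Python 3.0 - 3.2: magic + mtime

def starts_with_code(data: bytes) -> bool:
    """True if the data begins with a marshalled code object."""
    return bool(data) and (data[0] & 0x7F) == TYPE_CODE

def repair_pyc(headerless: bytes, reference_pyc: bytes) -> bytes:
    """Prepend the header of reference_pyc to a header-less code object."""
    if not starts_with_code(headerless):
        raise ValueError("input does not start with a marshalled code object")
    hlen = pyc_header_len(reference_pyc[:4])
    if not starts_with_code(reference_pyc[hlen:]):
        raise ValueError("reference .pyc does not match its magic number")
    return reference_pyc[:hlen] + headerless

def demo() -> str:
    # Constructed sample: a harmless stand-in for the extracted main script
    # and a reference .pyc carrying the running interpreter's magic number.
    magic = importlib.util.MAGIC_NUMBER
    pad = b"\x00" * (pyc_header_len(magic) - 4)
    main = marshal.dumps(compile("answer = 6 * 7", "main", "exec"))
    ref = magic + pad + marshal.dumps(compile("pass", "ref", "exec"))
    fixed = repair_pyc(main, ref)
    # The repaired file parses like a normal .pyc; it is loaded, never executed.
    code = marshal.loads(fixed[pyc_header_len(fixed[:4]):])
    return code.co_filename

if __name__ == "__main__":
    print(demo())
```

The borrowed timestamp and size fields do not describe the repaired script, which decompilers generally ignore; the magic number is what has to match the interpreter that compiled the sample.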