Published on January 2nd, 2018
Malware Analysis – Unpack and Decompile PyInstaller Malware
We unpack and decompile a malware sample that was written in Python and turned into an executable with PyInstaller. To do that, we have to fix the header of the main script.
Follow me on Twitter: @struppigel
Previous video about Python decompiling: https://www.youtube.com/watch?v=r6BtA8p8kRU&t=755s
Structure of .pyc files: https://nedbatchelder.com/blog/200804/the_structure_of_pyc_files.html
How to setup Python and Uncompyle6: https://youtu.be/AkrAhUbCod0
Sample VirusBay: https://beta.virusbay.io/sample/browse/2510851a7cead4b8c79d0a6d35f8e824?q=5a1dca43c977a40fac4e0a58
Sample Hybrid-Analysis: https://www.hybrid-analysis.com/sample/53854221c6c1fa513d6ecf83385518dbd8b0afefd9661f6ad831a5acf33c0f8e?environmentId=100
pyinstxtractor: https://sourceforge.net/projects/pyinstallerextractor/
Easy Python Decompiler: https://sourceforge.net/projects/easypythondecompiler/
PortexAnalyzer: https://github.com/katjahahn/PortEx/tree/master/progs
HxD: https://mh-nexus.de/en/hxd/
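The header fix mentioned in the description, as an added Python sketch that is not taken from the video or from any of the linked tools: the extracted main script is a bare marshalled code object, so the header of another .pyc from the same extraction is prepended to it. The function names are hypothetical, the header-length detection is a heuristic, and the constructed sample data assumes the script is run with Python 3.7 or later.

```python
import importlib.util
import marshal

# A marshalled code object starts with type byte 'c'; Python 3.4+ may set the 0x80 ref flag.
CODE_MARKERS = (b"c", b"\xe3")
# CPython .pyc header sizes: 16 bytes (3.7+), 12 bytes (3.3-3.6), 8 bytes (older, incl. 2.7).
HEADER_SIZES = (16, 12, 8)


def has_magic(data: bytes) -> bool:
    """Every CPython magic number ends in CR LF."""
    return data[2:4] == b"\r\n"


def header_len(pyc: bytes) -> int:
    """Heuristic: the header ends where the marshalled code object begins."""
    if has_magic(pyc):
        for size in HEADER_SIZES:
            if pyc[size:size + 1] in CODE_MARKERS:
                return size
    raise ValueError("not a recognisable .pyc file")


def fix_header(main_script: bytes, ref_pyc: bytes) -> bytes:
    """Prepend the header of ref_pyc to a header-less main script."""
    if has_magic(main_script):
        return main_script  # header already present, nothing to fix
    if main_script[:1] not in CODE_MARKERS:
        raise ValueError("main script is not a marshalled code object")
    return ref_pyc[:header_len(ref_pyc)] + main_script


def load_code(pyc: bytes):
    """Unmarshal (never execute) the code object to confirm the file parses.
    Only works when this interpreter matches the Python version of the sample."""
    return marshal.loads(pyc[header_len(pyc):])


# Constructed sample data (not the malware from the video): a reference .pyc with a
# zeroed 12-byte remainder after the magic, and a main script stripped of its header.
REF_PYC = (importlib.util.MAGIC_NUMBER + bytes(12)
           + marshal.dumps(compile("pass", "<ref>", "exec")))
HEADERLESS = marshal.dumps(compile("answer = 6 * 7", "<main>", "exec"))

if __name__ == "__main__":
    fixed = fix_header(HEADERLESS, REF_PYC)
    print("header bytes:", fixed[:header_len(fixed)].hex())
    print("names in main script:", load_code(fixed).co_names)
```

For a real sample, read both files in binary mode, write the result out with a .pyc extension, and hand that file to the decompiler.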
2018-01-02 19:26:03