Python Malware - Part 4
You don't always get a text file with source code when you extract Python code from a PyInstaller-produced EXE.
I produced the following Python code including shellcode, and generated an EXE with PyInstaller:
Then I extract the Python code:
This time, the extracted shellcode file doesn't contain Python source code:
It's actually compiled Python bytecode.
Add the following 8 bytes to the beginning of the file and save it as shellcode.pyc:
Now you can use a Python bytecode decompiler like Easy Python Decompiler:
Here is the recovered source code (shellcode.pyc_dis):
Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
ISC Stormcast For Monday, July 25th 2016 http://isc.sans.edu/podcastdetail.html?id=5095
×
Diary Archives
Comments