Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: py2exe Decompiling - Part 1 - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
py2exe Decompiling - Part 1

This malware sample is written in Python and compiled to a .exe file with py2exe (we also wrote diary entries about Python malware compiled with PyInstaller).

Looking at the resources with, we see a PYTHON27.DLL resource and a PYTHONSCRIPT resource:

Executables compiled with py2exe for Python 2.7 can be reversed with unpy2exe.

Didier Stevens
Microsoft MVP Consumer Security


649 Posts
ISC Handler
Jan 1st 2017

Sign Up for Free or Log In to start participating in the conversation!