I'm doing malware analysis on a file which uses pyinstaller. I've extracted the PYZ file and am trying to pull out the .py file. When I run archive_viewer on the PYZ, the only names that are listed are either default python libraries, or freely available scripts (i.e. I can google and find them). I know by observing the behavior that the file does bad stuff, but I don't see any files in the PYZ which appear to be responsible for this behavior. I know it is possible that they are using a name of a common library to hide the "bad stuff", but based on the lack of sophistication, I highly doubt it.
Can anyone explain this, or suggest something else I can try? Thanks, LJ
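One way to triage an archive member once it has been pulled out, as an added example that is not part of the original thread or of PyInstaller itself: a PYZ entry is a zlib-compressed marshalled code object (the PKG's script entries are marshalled without compression), so it can be loaded directly and walked for imports, referenced names and string constants, which is a quicker first pass than decompiling every member whose name looks like a library. The sample module, its name and the function names are constructed for the example.

```python
import dis
import marshal
import types
import zlib

# Constructed sample module standing in for one pulled out of a PYZ
# (hypothetical content, not from the thread).
SAMPLE_SOURCE = '''
import os
import subprocess as sp
BEACON = "http://example.invalid/beacon"
def run():
    path = os.path.join(os.environ.get("TEMP", "/tmp"), "payload.bin")
    sp.call(["echo", path])
    return path
'''

def make_pyz_entry(source, name="sample_module"):
    """Serialise a module the way a PYZ stores it: zlib(marshal(code))."""
    return zlib.compress(marshal.dumps(compile(source, name, "exec")))

def load_entry(blob, compressed=True):
    """Recover the code object (PYZ entries are compressed, PKG script
    entries are not). marshal is version-specific: the analysis interpreter
    must match the bundle's Python version, which the 4-byte magic number
    following the PYZ header signature identifies."""
    return marshal.loads(zlib.decompress(blob) if compressed else blob)

def walk_code(code):
    """Yield a code object and every code object nested in its constants."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_code(const)

def summarize(code):
    """Imports, referenced names and string constants across the module and
    all nested functions: a quick check that a member is what its name says."""
    imports, names, strings = set(), set(), set()
    for co in walk_code(code):
        names.update(co.co_names)
        strings.update(c for c in co.co_consts if isinstance(c, str))
        for ins in dis.get_instructions(co):
            if ins.opname == "IMPORT_NAME":
                imports.add(ins.argval)
    return {"imports": sorted(imports), "names": sorted(names), "strings": sorted(strings)}

if __name__ == "__main__":
    print(summarize(load_entry(make_pyz_entry(SAMPLE_SOURCE))))
```

The PYZ holds only the modules the bundle imports; the entry-point script itself is a separate uncompressed entry in the PKG (CArchive), which `pyi-archive_viewer` lists at the top level, so that is where behaviour missing from every PYZ member is usually found.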
