A new malware variant dubbed “PDFly” is abusing a heavily modified PyInstaller stub to hide its Python bytecode, forcing analysts to reverse-engineer a custom decryption routine before any meaningful analysis can begin. A closely related sample, “PDFClick,” shows almost identical behavior, suggesting a small family of PyInstaller-based droppers that deliberately break standard tooling. Both samples […]

The post PDFly Variant Uses Custom PyInstaller Tweaks to Obfuscate Payload, Thwarting Analysis appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/pyinstaller-tweaks/