Python decompiler exe

Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. Asked 8 years, 9 months ago. Active 2 years, 9 months ago.

Viewed 97k times. Improve this question. Ange 6, 2 2 gold badges 25 25 silver badges 62 62 bronze badges.

Mick Mick 7, 3 3 gold badges 22 22 silver badges 38 38 bronze badges. The purpose of generating an EXE with PyInstaller is so that the systems you run it on do not require the existence of a Python interpreter or any 3rd party modules you may be using. Add a comment. Active Oldest Votes. PYCs - I personally recommend Uncompyle2 for that. Improve this answer. Several YARA rules are available to determine if the executable is written in python This script also confirms if the executable is created with either py2exe or pyinstaller.

Skip to content. Star Branches Tags. Could not load branches. Could not load tags. Latest commit. Luke Jennings License update. License update. However, if an exe involves dozens or even hundreds of Python scripts that need to be decompiled, the workload of manual operation is too huge. We consider implementing the above process in Python to achieve the effect of batch decompilation. Programmer Group A programming skills sharing group.

Then enter cmd in the directory where exe is located to execute: Python pyinstxtractor. However, if the script detected any encrypted bytecode, it will ask whether it should proceed with the decryption process Figure 7.

Once everything is unpacked, it will proceed with decompiling all the extracted Python byte code by using uncompyle6. Use only one option either -i or -p optional arguments: -h, --help show this help message and exit -i INPUT exe that is packed using py2exe or pyinstaller Use -o to specify the output directory -o OUTPUT folder to store your unpacked and decompiled code. Figure 6 PyInstaller has an option that can encrypt the Python bytecode bundle together with the exe usually, other modules are required by the main Python file.

Extracting as is. Decrypt it? Figure 9 Real World Example To demonstrate how the script can be used in the real world, we will test it against a Triton malware sample.

Download the sample by using the hash found [ 1 ]. SHA1: dc81fe0cf9f1dabfe03fc Run the script with the input as the sample we mentioned above. As we can see from our text editor, the Python code is retrieved and decompiled successfully.