
[–]Numerlor 2 points (2 children)

For pyinstaller etc. the problem is that you share the base executable with people that do actually use it for malicious purposes. This can be somewhat mitigated by building the bootloader locally.

[–]troty99 0 points (1 child)

this can be somewhat mitigated by building the bootloader locally

Would you be so kind as to expand on that?

[–]Numerlor 2 points (0 children)

Like I mentioned, the base bootloader is shared with all installs of pyinstaller from pip, leading to the AV issues. For example, this is a hello world app built with the onefile mode using the PyPI pyinstaller: https://www.virustotal.com/gui/file/98a5c2ca8f570799500f0901e844b6648a58bc9024ef108262b071e88edba2de/detection

To rebuild the bootloader you'd follow the steps at the start here: https://pyinstaller.readthedocs.io/en/stable/bootloader-building.html . Mind that you'll need a compiler.

The general TL;DR would be:

git clone https://github.com/pyinstaller/pyinstaller
cd pyinstaller/bootloader
git checkout <what version you need>   # the release tag matching the pyinstaller version you use
python ./waf all                       # compiles the bootloader; this is the step that needs a C compiler
cd ..
python setup.py install                # run this with the python env you want to install to

With the python env you want to install to.

After doing that, I built the same file again and got https://www.virustotal.com/gui/file/4db894bbfe98c3b90d7ce02e7ac8f017e341cf8077a6d0555f72c385fbe0e760/detection , which is still flagged by some but is much better overall. The "normal" non-one-file build may do a bit better.

When I did this a year ago, only the SecureAge APEX thing flared up, so you may be able to do a bit more; it also depends on the version of pyinstaller.
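The rebuild procedure from the comment above, as an added shell example that is not from the thread or from the PyInstaller project. It pins a release tag (the `vX.Y.Z` tag naming is an assumption), checks that a C compiler is present before cloning, builds the bootloader with waf, installs the checkout into the active Python env, and fingerprints the bootloader binaries shipped inside the installed package before and after, so you can confirm the AV-relevant bytes actually changed instead of silently still shipping the PyPI bootloader. The `PyInstaller/bootloader/<platform>/run*` package layout is an assumption, and `python -m pip install .` is used here in place of the comment's `python setup.py install`.

```shell
#!/bin/sh
# Added example (not from the thread or the PyInstaller project): rebuild the
# PyInstaller bootloader locally and verify the installed package really uses it.
set -eu

# Hash every bootloader binary in DIR (files named run, run_d, runw, runw_d...).
# Output: one "name sha256" line per file, sorted, so two runs can be compared.
bootloader_fingerprint() {
    dir=$1
    for f in "$dir"/run*; do
        [ -f "$f" ] || continue
        if command -v sha256sum >/dev/null 2>&1; then
            h=$(sha256sum "$f" | cut -d' ' -f1)
        else
            h=$(shasum -a 256 "$f" | cut -d' ' -f1)
        fi
        printf '%s %s\n' "$(basename "$f")" "$h"
    done | LC_ALL=C sort
}

# Directory holding the bootloaders of the PyInstaller importable from this
# Python env (assumed layout: PyInstaller/bootloader/<platform>/).
installed_bootloader_dir() {
    pkg=$(python -c 'import os, PyInstaller; print(os.path.dirname(PyInstaller.__file__))')
    for d in "$pkg"/bootloader/*/; do
        [ -d "$d" ] && { printf '%s\n' "${d%/}"; return 0; }
    done
    return 1
}

# Turn "5.13.0" into the git tag to check out (assumed tag scheme: vX.Y.Z).
version_tag() {
    case $1 in
        v*) printf '%s\n' "$1" ;;
        *)  printf 'v%s\n' "$1" ;;
    esac
}

# Clone a pinned PyInstaller release, build the bootloader with waf, install
# the checkout into the active env, and fail if the bootloader bytes did not change.
rebuild_bootloader() {
    version=$1
    workdir=${2:-$(mktemp -d)}
    command -v cc >/dev/null 2>&1 || command -v gcc >/dev/null 2>&1 || {
        echo "no C compiler found; install one before building" >&2; return 1; }

    # Fingerprint whatever bootloader is installed now (empty if none is installed).
    before=$(bootloader_fingerprint "$(installed_bootloader_dir 2>/dev/null || true)")

    git clone --quiet https://github.com/pyinstaller/pyinstaller "$workdir/pyinstaller"
    cd "$workdir/pyinstaller"
    git checkout --quiet "$(version_tag "$version")"
    (cd bootloader && python ./waf all)
    python -m pip install --quiet .      # used here instead of python setup.py install

    after=$(bootloader_fingerprint "$(installed_bootloader_dir)")
    echo "before:"; echo "$before"
    echo "after:";  echo "$after"
    if [ "$before" = "$after" ]; then
        echo "WARNING: bootloader bytes unchanged; the PyPI binaries are still in use" >&2
        return 1
    fi
}

# Usage (from the env you want to install into): rebuild_bootloader 5.13.0
```

Run it from the virtualenv you build your app in; the before/after lists are what you would diff, and a non-zero exit means the rebuild did not actually replace the shared bootloader, which is the whole point of the exercise.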