by tr4cefl0w
2167 days ago
You’re totally right about Yara. Unfortunately, I skimmed through the article pretty fast before commenting, as I was in a rush when I read it, and missed this part. Just finished a second read; great article and well detailed. But my point about detection is more about the good old VirusTotal submission. As for Nuitka, I was not able to make it work, but I will try again. The alternative I also tried in the past was using Cython to generate C code and then compile it, but because it requires packaging the Python std lib DLLs it was too much trouble, and I ran into crashes when running. I also had bad experiences when using packers because they have a tendency to trigger AV detection just for being packers, like ASProtect. Python malware is definitely a topic that deserves a more in-depth dive. Good work!