This malware sample is written in Python and compiled to a .exe file with py2exe (we also wrote diary entries about Python malware compiled with PyInstaller).

Looking at the resources with pecheck.py, we see a PYTHON27.DLL resource and a PYTHONSCRIPT resource:

Executables compiled with py2exe for Python 2.7 can be reversed with unpy2exe.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
NVISO

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
IBM BigFix Remote Control CVE-2016-2932 Security Bypass Vulnerability
 
IBM Tivoli Remote Control CVE-2016-2931 Information Disclosure Vulnerability
 
Multiple Symantec Products CVE-2016-6590 DLL Loading Local Privilege Escalation Vulnerability
 
Internet Storm Center Infocon Status