This proof of concept (PoC) project emphasizes the potential risks associated with InnoSetup installers. Such installers should always be regarded with caution. They can not only harbor malware but it's also possible to construct a fully functional piece of malware utilizing their embedded scripting engines.

In this PoC, we delve into the InnoSetup scripting engine (derived from Pascal) to execute a shellcode generated with msfvenom.

2 years, 10 months ago