This PoC project demonstrate the dangerousness of InnoSetup installers. Installers should never be trusted, not only it can contain Malwares, it is also possible to entirely code a complete and functional Malware using their embedded scripting engines.

In this PoC, we explorer the InnoSetup scripting engine (derived from Pascal) to execute a shellcode generated with msfvenom