Usr6

Balbuzard – Malware Analysis Tool


Balbuzard is another Python tool that you can use for analyzing malware and extracting pattern information from files, such as IP addresses, URLs, executable files and headers. The idea of the tool is that when we need to analyze a malicious or suspicious file, the tool allows the user to open it as in a hex editor to view the file type.
Next you can find interesting information such as URLs, IP addresses, and other embedded files, so it will provide the full information required to find the behavior of this malware, besides tracking what this malicious application will do on our system. Some of the features of this tool are:

  • search for string or regular expression patterns
  • default set of patterns for malware analysis: IP addresses, e-mail addresses, URLs, typical EXE strings, common file headers, various malware strings
  • optional use of the Yara engine and Yara rules as patterns
  • provided with a large number of obfuscation transforms such as XOR, ROL, ADD (including combined transforms)
  • easily extensible with new patterns in Python scripts and Yara rules, and new obfuscation transforms
  • can open malware in password-protected zip files without writing to disk
  • batch analysis of multiple files/folders on disk or within zips
  • CSV output
  • pure Python 2.x, no dependency or compilation


You can download the tool over this link: https://bitbucket.org/decalage/balbuzard/downloads

 

Source: http://www.sectechno.com/balbuzard-malware-analysis-tool/

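The combination of obfuscation transforms and default patterns listed in the post, as an added Python 3 example that is not Balbuzard's own code and not part of the original post: it applies every single-byte XOR, ADD and ROL transform to a buffer and runs URL, IPv4 and EXE-string regexes on each result. The regexes, function names and the sample buffer are assumptions constructed for this example.

```python
import re

# Simplified stand-ins for the pattern categories listed in the post;
# these regexes are assumptions of this example, not Balbuzard's own.
PATTERNS = {
    "url": re.compile(rb"https?://[\w.-]+(?:/[\w./-]*)?"),
    "ipv4": re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    "exe_string": re.compile(rb"This program cannot be run in DOS mode"),
}

def xor(data, key):
    return bytes(b ^ key for b in data)

def add(data, key):
    return bytes((b + key) & 0xFF for b in data)

def rol(data, n):
    return bytes(((b << n) | (b >> (8 - n))) & 0xFF for b in data)

def transforms():
    """Yield (name, function) for every single-byte XOR, ADD and ROL transform."""
    yield "identity", lambda d: d
    for k in range(1, 256):
        yield f"xor_{k:02x}", lambda d, k=k: xor(d, k)
        yield f"add_{k:02x}", lambda d, k=k: add(d, k)
    for n in range(1, 8):
        yield f"rol_{n}", lambda d, n=n: rol(d, n)

def scan(data):
    """Apply each transform and collect (transform, pattern, offset, match)."""
    hits = []
    for name, fn in transforms():
        decoded = fn(data)
        for label, rx in PATTERNS.items():
            hits.extend((name, label, m.start(), m.group())
                        for m in rx.finditer(decoded))
    return hits

def build_sample():
    """Constructed buffer: a URL hidden with XOR 0x5A, an IP hidden with ROL 3."""
    url = xor(b"\x00http://c2.example.test/gate.php\x00", 0x5A)
    ip = rol(b"\x00192.0.2.10\x00", 3)  # undone by rotating left 5 more bits
    return b"\x90" * 8 + url + b"\xcc" * 4 + ip

if __name__ == "__main__":
    for hit in scan(build_sample()):
        print(hit)
```

Short patterns such as IPv4 can match by chance under unrelated keys on larger inputs, so treat each hit as a lead to confirm at the reported offset rather than as a finding.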
