Balbuzard – Malware Analysis Tool

Balbuzard is another python tool that you can use for analyzing malware, extracting file patterns information such as IP-addresses, URL, executable files and the header. The idea of ​​the tool is that when we need to analyze the malicious or suspicious file the tool allows user to open it as a hex-editor to view the file type.
Next you can find interesting information such as the URL, IP addresses, and other embedded files. so it will provide a full information required to find the behavior of this malware beside tracking what this malicious application will do on our system. some of the feature for this tool are:

  • search for string or regular expression patterns
  • default set of patterns for malware analysis: IP addresses, e-mail addresses, URLs, typical EXE strings, common file headers, various malware strings
  • optional use of the Yara engine and Yara rules as patterns
  • provided with a large number of obfuscation transforms such as XOR, ROL, ADD (including combined transforms)
  • easily extensible with new patterns in python scripts and Yara rules, and new obfuscation transforms
  • can open malware in password-protected zip files without writing to disk
  • batch analysis of multiple files/folders on disk or within zips
  • CSV output
  • pure python 2.x, no dependency or compilation

balbuzardscreenshot for balbuzard options

You can download the tool over this link:

Notify of
Inline Feedbacks
View all comments