Balbuzard – Malware Analysis Tool
Balbuzard is another Python tool for analysing malware. It scans a suspicious file for patterns of interest, such as IP addresses, URLs, e-mail addresses, strings typical of executables and common file headers, and reports each match with its offset, so you can see what a file embeds without paging through it in a hex editor.
The URLs, IP addresses and embedded files it extracts are the leads you need to work out what the malware is built to do. Bear in mind that this is static analysis of the file's contents: Balbuzard does not execute the sample, so confirming what it actually does on a system still needs dynamic analysis in a sandbox. Some of the features of this tool are:
- search for string or regular expression patterns
- default set of patterns for malware analysis: IP addresses, e-mail addresses, URLs, typical EXE strings, common file headers, various malware strings
- optional use of the Yara engine and Yara rules as patterns
- provided with a large number of obfuscation transforms such as XOR, ROL, ADD (including combined transforms)
- easily extensible with new patterns in python scripts and Yara rules, and new obfuscation transforms
- can open malware in password-protected zip files without writing to disk
- batch analysis of multiple files/folders on disk or within zips
- CSV output
- pure python 2.x, no dependency or compilation
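To show the kind of scanning the feature list describes, here is an added example (not Balbuzard's own code) written in Python 3: a cut-down pattern scanner with a handful of default patterns, plus a brute-forcer in the spirit of bbcrack that tries every single-byte XOR key, every ROL shift and every XOR-then-ROL combination and reports which transforms reveal something. The pattern set, the transform family, and the sample buffer (a fake executable header, some clear-text indicators, and two indicators hidden behind transforms chosen for the example) are constructed for illustration, not taken from any real sample.

```python
#!/usr/bin/env python3
"""Balbuzard-style pattern scanner with XOR/ROL brute-forcing (added example).

Patterns, transforms and the SAMPLE buffer below are illustrative assumptions.
"""
import re
from collections import namedtuple

Match = namedtuple("Match", "pattern offset value")

# Small default pattern set in the spirit of Balbuzard's (IPs, URLs, e-mail
# addresses, typical EXE strings, file headers).  The bare "MZ" header is
# anchored to offset 0 so brute-forcing transforms does not drown the report
# in two-byte coincidences.
PATTERNS = {
    "IPv4 address":    re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "URL":             re.compile(rb"https?://[A-Za-z0-9./_?=&%+-]+"),
    "E-mail address":  re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "EXE string":      re.compile(rb"This program cannot be run in DOS mode"),
    "EXE header (MZ)": re.compile(rb"\AMZ"),
    "PE signature":    re.compile(rb"PE\x00\x00"),
}


def scan(data, patterns=PATTERNS):
    """Return every pattern match in data as Match tuples, sorted by offset."""
    found = []
    for name, regex in patterns.items():
        for m in regex.finditer(data):
            found.append(Match(name, m.start(), m.group()))
    return sorted(found, key=lambda hit: (hit.offset, hit.pattern))


def xor(data, key):
    """XOR every byte with a single-byte key (0-255)."""
    return bytes(b ^ key for b in data)


def rol(data, bits):
    """Rotate every byte left by `bits` positions."""
    bits %= 8
    return bytes(((b << bits) | (b >> (8 - bits))) & 0xFF for b in data)


def transforms():
    """Yield (name, function) for identity, every XOR key, every ROL shift,
    and every XOR-then-ROL combination (the 'combined transforms' idea)."""
    yield "identity", lambda d: d
    for key in range(1, 256):
        yield f"XOR 0x{key:02X}", lambda d, k=key: xor(d, k)
    for bits in range(1, 8):
        yield f"ROL {bits}", lambda d, b=bits: rol(d, b)
    for key in range(1, 256):
        for bits in range(1, 8):
            yield f"XOR 0x{key:02X}, ROL {bits}", lambda d, k=key, b=bits: rol(xor(d, k), b)


def crack(data, patterns=PATTERNS):
    """Apply every transform, scan the result, and return
    {transform name: matches} for transforms that reveal something,
    ranked by number of matches (chance hits usually rank low)."""
    revealed = {}
    for name, func in transforms():
        hits = scan(func(data), patterns)
        if hits:
            revealed[name] = hits
    return dict(sorted(revealed.items(), key=lambda kv: -len(kv[1])))


# Constructed sample: fake DOS/PE header, clear-text indicators, then a URL
# hidden with XOR 0x5A and an IP hidden with ROR 3 followed by XOR 0x41.
# NUL bytes delimit the hidden strings so the regexes stop where they should.
KEY_URL = 0x5A
KEY_IP, ROL_IP = 0x41, 3
HIDDEN_URL = b"http://c2.example.invalid/gate.php\x00"
HIDDEN_IP = b"\x00198.51.100.23\x00"
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"PE\x00\x00"
    + b"This program cannot be run in DOS mode.\r\n"
    + b"config: 10.0.0.1 | ops@example.invalid\n"
    + xor(HIDDEN_URL, KEY_URL)                 # undone by "XOR 0x5A"
    + xor(rol(HIDDEN_IP, 8 - ROL_IP), KEY_IP)  # undone by "XOR 0x41, ROL 3"
    + b"\x00" * 8
)


def report(data):
    """Print clear-text hits first, then each transform that reveals a hit."""
    print("== clear text ==")
    for hit in scan(data):
        print(f"  {hit.offset:#08x}  {hit.pattern:16} {hit.value!r}")
    print("== after transforms ==")
    for name, hits in crack(data).items():
        if name == "identity":
            continue
        for hit in hits:
            print(f"  {name:18} {hit.offset:#08x}  {hit.pattern:16} {hit.value!r}")


if __name__ == "__main__":
    report(SAMPLE)
```

Brute-forcing a couple of thousand transforms over a whole file will occasionally produce chance matches (an e-mail-shaped string, say), which is why the results are ranked by match count and why short patterns are anchored; eyeball anything that only turns up under one obscure transform before treating it as an indicator.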
[Screenshot: balbuzard command-line options]
You can download the tool from: https://bitbucket.org/decalage/balbuzard/downloads