Malduck 🦆
4.4.0

Extraction tools:

  • Static configuration extractor engine
  • Memory model objects (procmem)
  • x86 disassembler
  • PE wrapper
  • Yara wrapper

Algorithms:

  • Cryptography
  • Compression algorithms
  • Hashing algorithms

Utilities:

  • Common bitwise operations
  • Fixed-integer types
  • Common string operations (padding, chunks, base64)

All modules for which code is available

  • malduck.bits
  • malduck.crypto.aes
  • malduck.crypto.rabbit
  • malduck.crypto.rc
  • malduck.crypto.rsa
  • malduck.crypto.winhdr
  • malduck.crypto.xor
  • malduck.disasm
  • malduck.extractor.extract_manager
  • malduck.extractor.extractor
  • malduck.extractor.modules
  • malduck.hash.crc
  • malduck.hash.sha
  • malduck.ints
  • malduck.pe
  • malduck.procmem.cuckoomem
  • malduck.procmem.idamem
  • malduck.procmem.procmem
  • malduck.procmem.procmemelf
  • malduck.procmem.procmempe
  • malduck.procmem.region
  • malduck.string.bin
  • malduck.string.inet
  • malduck.string.ops
  • malduck.yara

© Copyright 2022, CERT Polska.
