Index
A
addr (malduck.disasm.Instruction property)
addr_region() (malduck.procmem.procmem.ProcessMemory method)
align() (in module malduck.bits)
align_down() (in module malduck.bits)
aplib() (in module malduck)
asciiz() (in module malduck)
(malduck.procmem.procmem.ProcessMemory method)
B
base (malduck.disasm.Memory attribute)
base64() (in module malduck)
BLOBHEADER (class in malduck.crypto.winhdr)
BYTE (in module malduck)
C
carve_procmem() (malduck.extractor.ExtractManager method)
chunks() (in module malduck)
chunks_iter() (in module malduck)
close() (malduck.procmem.procmem.ProcessMemory method)
collected_config (malduck.extractor.extract_manager.ExtractionContext attribute)
(malduck.extractor.Extractor property)
compare_family_overrides() (malduck.extractor.ExtractorModules method)
config (malduck.extractor.extract_manager.ExtractionContext property)
(malduck.extractor.ExtractManager property)
contains_addr() (malduck.procmem.procmem.Region method)
contains_offset() (malduck.procmem.procmem.Region method)
crc32() (in module malduck)
cuckoomem (in module malduck)
CuckooProcessMemory (class in malduck.procmem.cuckoomem)
D
decrypt() (in module malduck.aes.cbc)
(in module malduck.aes.ctr)
(in module malduck.aes.ecb)
(in module malduck.blowfish.ecb)
(in module malduck.camellia.cbc)
(in module malduck.camellia.cfb)
(in module malduck.camellia.ctr)
(in module malduck.camellia.ecb)
(in module malduck.camellia.ofb)
(in module malduck.chacha20)
(in module malduck.des3.cbc)
(in module malduck.salsa20)
(in module malduck.serpent.cbc)
directory() (malduck.pe.PE method)
disasmv() (malduck.procmem.procmem.ProcessMemory method)
Disassemble (class in malduck.disasm)
disassemble() (malduck.disasm.Disassemble method)
disp (malduck.disasm.Memory attribute)
dos_header (malduck.pe.PE property)
DWORD (in module malduck)
E
elf (malduck.procmem.procmemelf.ProcessMemoryELF property)
encrypt() (in module malduck.aes.cbc)
(in module malduck.aes.ctr)
(in module malduck.aes.ecb)
(in module malduck.blowfish.ecb)
(in module malduck.camellia.cbc)
(in module malduck.camellia.cfb)
(in module malduck.camellia.ctr)
(in module malduck.camellia.ecb)
(in module malduck.camellia.ofb)
(in module malduck.chacha20)
(in module malduck.des3.cbc)
(in module malduck.salsa20)
(in module malduck.serpent.cbc)
end (malduck.procmem.procmem.Region property)
end_offset (malduck.procmem.procmem.Region property)
enhex() (in module malduck)
export_key() (malduck.crypto.aes.PlaintextKeyBlob method)
(malduck.crypto.rsa.RSA static method)
extract() (malduck.procmem.procmem.ProcessMemory method)
ExtractionContext (class in malduck.extractor.extract_manager)
ExtractManager (class in malduck.extractor)
Extractor (class in malduck.extractor)
extractor() (malduck.extractor.Extractor method)
ExtractorModules (class in malduck.extractor)
extractors (malduck.extractor.ExtractManager property)
F
family (malduck.extractor.extract_manager.ExtractionContext property)
(malduck.extractor.Extractor attribute)
file_header (malduck.pe.PE property)
final() (malduck.extractor.Extractor method)
findbytesp() (malduck.procmem.procmem.ProcessMemory method)
findbytesv() (malduck.procmem.procmem.ProcessMemory method)
findmz() (malduck.procmem.procmem.ProcessMemory method)
findp() (malduck.procmem.procmem.ProcessMemory method)
findv() (malduck.procmem.procmem.ProcessMemory method)
from_dir() (malduck.yara.Yara static method)
from_file() (malduck.procmem.procmem.ProcessMemory class method)
from_memory() (malduck.procmem.procmem.ProcessMemory class method)
G
globals (malduck.extractor.Extractor property)
gzip() (in module malduck)
H
handle_match() (malduck.extractor.Extractor method)
headers_size (malduck.pe.PE property)
I
idamem (in module malduck)
IDAProcessMemory (class in malduck.procmem.idamem)
imgend (malduck.procmem.procmemelf.ProcessMemoryELF property)
(malduck.procmem.procmempe.ProcessMemoryPE property)
import_key() (malduck.crypto.rsa.RSA static method)
index (malduck.disasm.Memory attribute)
Instruction (class in malduck.disasm)
Int16 (class in malduck.ints)
int16p() (malduck.procmem.procmem.ProcessMemory method)
int16v() (malduck.procmem.procmem.ProcessMemory method)
Int32 (class in malduck.ints)
int32p() (malduck.procmem.procmem.ProcessMemory method)
int32v() (malduck.procmem.procmem.ProcessMemory method)
Int64 (class in malduck.ints)
int64p() (malduck.procmem.procmem.ProcessMemory method)
int64v() (malduck.procmem.procmem.ProcessMemory method)
Int8 (class in malduck.ints)
int8p() (malduck.procmem.procmem.ProcessMemory method)
int8v() (malduck.procmem.procmem.ProcessMemory method)
intersects_range() (malduck.procmem.procmem.Region method)
IntType (class in malduck.ints)
IntTypeBase (class in malduck.ints)
invert_mask (malduck.ints.MetaIntType property)
ipv4() (in module malduck)
is32bit (malduck.pe.PE property)
is64bit (malduck.pe.PE property)
is_addr() (malduck.procmem.procmem.ProcessMemory method)
is_image_loaded_as_memdump() (malduck.procmem.procmemelf.ProcessMemoryELF method)
(malduck.procmem.procmempe.ProcessMemoryPE method)
is_imm (malduck.disasm.Operand property)
is_mem (malduck.disasm.Operand property)
is_reg (malduck.disasm.Operand property)
is_valid() (malduck.procmem.procmemelf.ProcessMemoryELF method)
(malduck.procmem.procmempe.ProcessMemoryPE method)
iter_regions() (malduck.procmem.procmem.ProcessMemory method)
L
last (malduck.procmem.procmem.Region property)
last_offset (malduck.procmem.procmem.Region property)
length (malduck.procmem.procmem.ProcessMemory property)
log (malduck.extractor.Extractor property)
lznt1() (in module malduck)
M
malduck.bits
module
malduck.compression
module
malduck.crypto
module
malduck.disasm
module
malduck.extractor
module
malduck.hash
module
malduck.ints
module
malduck.pe
module
malduck.procmem
module
malduck.string
module
malduck.yara
module
mask (malduck.ints.MetaIntType property)
match() (malduck.yara.Yara method)
match_procmem() (malduck.extractor.ExtractManager method)
matched (malduck.extractor.Extractor property)
md5() (in module malduck)
mem (malduck.disasm.Operand property)
Memory (class in malduck.disasm)
MetaIntType (class in malduck.ints)
module
malduck.bits
malduck.compression
malduck.crypto
malduck.disasm
malduck.extractor
malduck.hash
malduck.ints
malduck.pe
malduck.procmem
malduck.string
malduck.yara
MultipliedIntTypeBase (class in malduck.ints)
N
needs_elf() (malduck.extractor.Extractor method)
needs_pe() (malduck.extractor.Extractor method)
nt_headers (malduck.pe.PE property)
O
on_error() (malduck.extractor.ExtractManager method)
(malduck.extractor.Extractor method)
(malduck.extractor.ExtractorModules method)
on_extractor_error() (malduck.extractor.extract_manager.ExtractionContext method)
(malduck.extractor.ExtractManager method)
op1 (malduck.disasm.Instruction property)
op2 (malduck.disasm.Instruction property)
op3 (malduck.disasm.Instruction property)
Operand (class in malduck.disasm)
optional_header (malduck.pe.PE property)
overrides (malduck.extractor.Extractor attribute)
P
p16() (in module malduck)
p2v() (malduck.procmem.procmem.ProcessMemory method)
(malduck.procmem.procmem.Region method)
p32() (in module malduck)
p64() (in module malduck)
p8() (in module malduck)
pack() (in module malduck.bigint)
(malduck.ints.IntType method)
pack_be() (in module malduck.bigint)
(malduck.ints.IntType method)
pad() (in module malduck)
parent (malduck.extractor.extract_manager.ExtractionContext attribute)
parse() (malduck.crypto.aes.PlaintextKeyBlob method)
patchp() (malduck.procmem.procmem.ProcessMemory method)
patchv() (malduck.procmem.procmem.ProcessMemory method)
PE (class in malduck.pe)
pe (malduck.procmem.procmempe.ProcessMemoryPE property)
PlaintextKeyBlob (class in malduck.crypto.aes)
PrivateKeyBlob (class in malduck.crypto.rsa)
ProcessMemory (class in malduck.procmem.procmem)
ProcessMemoryELF (class in malduck.procmem.procmemelf)
ProcessMemoryPE (class in malduck.procmem.procmempe)
procmem (in module malduck)
procmemelf (in module malduck)
procmempe (in module malduck)
PublicKeyBlob (class in malduck.crypto.rsa)
push_config() (malduck.extractor.extract_manager.ExtractionContext method)
(malduck.extractor.Extractor method)
push_file() (malduck.extractor.ExtractManager method)
push_procmem() (malduck.extractor.extract_manager.ExtractionContext method)
(malduck.extractor.ExtractManager method)
(malduck.extractor.Extractor method)
Q
QWORD (in module malduck)
R
rabbit() (in module malduck)
rc4() (in module malduck)
readp() (malduck.procmem.procmem.ProcessMemory method)
readv() (malduck.procmem.procmem.ProcessMemory method)
readv_regions() (malduck.procmem.procmem.ProcessMemory method)
readv_until() (malduck.procmem.procmem.ProcessMemory method)
reg (malduck.disasm.Operand property)
regexp() (malduck.procmem.procmem.ProcessMemory method)
regexv() (malduck.procmem.procmem.ProcessMemory method)
Region (class in malduck.procmem.procmem)
resource() (malduck.pe.PE method)
resources() (malduck.pe.PE method)
rol() (in module malduck.bits)
(malduck.ints.IntType method)
ror() (in module malduck.bits)
(malduck.ints.IntType method)
RSA (class in malduck.crypto.rsa)
rsa (in module malduck)
rule() (malduck.extractor.Extractor method)
rules (malduck.extractor.ExtractManager property)
S
scale (malduck.disasm.Memory attribute)
section() (malduck.pe.PE method)
sections (malduck.pe.PE property)
sha1() (in module malduck)
sha224() (in module malduck)
sha256() (in module malduck)
sha384() (in module malduck)
sha512() (in module malduck)
size (malduck.disasm.Memory attribute)
store() (malduck.procmem.procmempe.ProcessMemoryPE method)
string() (malduck.extractor.Extractor method)
structure() (malduck.pe.PE method)
T
to_json() (malduck.procmem.procmem.Region method)
trim_range() (malduck.procmem.procmem.Region method)
U
u16() (in module malduck)
u32() (in module malduck)
u64() (in module malduck)
u8() (in module malduck)
UInt16 (class in malduck.ints)
uint16() (in module malduck)
uint16p() (malduck.procmem.procmem.ProcessMemory method)
uint16v() (malduck.procmem.procmem.ProcessMemory method)
UInt32 (class in malduck.ints)
uint32() (in module malduck)
uint32p() (malduck.procmem.procmem.ProcessMemory method)
uint32v() (malduck.procmem.procmem.ProcessMemory method)
UInt64 (class in malduck.ints)
uint64() (in module malduck)
uint64p() (malduck.procmem.procmem.ProcessMemory method)
uint64v() (malduck.procmem.procmem.ProcessMemory method)
UInt8 (class in malduck.ints)
uint8() (in module malduck)
uint8p() (malduck.procmem.procmem.ProcessMemory method)
uint8v() (malduck.procmem.procmem.ProcessMemory method)
uleb128() (in module malduck)
unhex() (in module malduck)
unpack() (in module malduck.bigint)
(malduck.ints.IntType class method)
unpack_be() (in module malduck.bigint)
(malduck.ints.IntType class method)
unpad() (in module malduck)
utf16z() (in module malduck)
(malduck.procmem.procmem.ProcessMemory method)
V
v2p() (malduck.procmem.procmem.ProcessMemory method)
(malduck.procmem.procmem.Region method)
validate_import_names() (malduck.pe.PE method)
validate_padding() (malduck.pe.PE method)
validate_resources() (malduck.pe.PE method)
value (malduck.disasm.Operand property)
W
weak() (malduck.extractor.Extractor method)
WORD (in module malduck)
X
xor() (in module malduck)
Y
Yara (class in malduck.yara)
yara_rules (malduck.extractor.Extractor attribute)
YaraMatch (in module malduck.yara)
YaraMatches (in module malduck.yara)
yarap() (malduck.procmem.procmem.ProcessMemory method)
YaraString (class in malduck.yara)
yarav() (malduck.procmem.procmem.ProcessMemory method)