Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.
balbuzard is a tool to extract patterns of interest from malicious files, such as IP addresses, URLs, embedded files and typical malware strings. It is easily extensible with new patterns, regular expressions and Yara rules.
bbcrack uses a new algorithm based on patterns of interest to bruteforce typical malware obfuscation such as XOR, ROL, ADD and various combinations (see Transforms), in order to guess which algorithms/keys have been used.
bbharvest extracts all patterns of interest found when applying typical malware obfuscation Transforms such as XOR, ROL, ADD and various combinations, trying all possible keys. It is especially useful when several keys or several transforms are used in a single file.
bbtrans can apply any of the Transforms from bbcrack (XOR, ROL, ADD and various combinations) to a file.