🦆 Malduck

Malduck is your ducky companion in malware analysis journeys. It is mostly based on Roach project, which derives many concepts from mlib library created by Maciej Kotowicz. The purpose of fork was to make Roach independent from Cuckoo Sandbox project, but still supporting its internal procmem format.

Malduck provides many improvements resulting from CERT.pl codebase, making scripts written for malware analysis purposes much shorter and more powerful.

Improvements

Support for (non)memory-mapped PE images without header fix-up.
Searching for wildcarded byte sequences
Support for x64 disassembly
Fixed-precision integer types
Many improvements in ProcessMemory

Usage

Installing may be performed by running

pip install malduck

Usage documentation can be found on readthedocs.

Name		Name	Last commit message	Last commit date
Latest commit History 309 Commits
.github/workflows		.github/workflows
docs		docs
malduck		malduck
tests		tests
.gitignore		.gitignore
LICENSE		LICENSE
MANIFEST.in		MANIFEST.in
README.md		README.md
readthedocs.yml		readthedocs.yml
requirements.txt		requirements.txt
setup.cfg		setup.cfg
setup.py		setup.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

🦆 Malduck

Improvements

Usage

About

Releases

Packages

Languages

License

yunzheng/malduck

Folders and files

Latest commit

History

Repository files navigation

🦆 Malduck

Improvements

Usage

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages