A collection of public malware config parsers. Each script is self-contained. At some point they might tie together into a bigger framework, but at the moment this is a collection of one-offs.
Ruby is used for the majority of these decoders.
The following libraries are used:
- capstone engine (https://github.com/aquynh/capstone)
- crabstone (https://github.com/bnagy/crabstone)
- pedump (https://github.com/zed-0xff/pedump)