
Programming

Fernando Mercês edited this page Oct 31, 2023 · 7 revisions

Embarcadero Dev-C++ is a new and improved fork (sponsored by Embarcadero) of Bloodshed Dev-C++ and Orwell Dev-C++. It is a full-featured Integrated Development Environment (IDE) and code editor for the C/C++ programming language. It is useful to have in a malware analysis VM to quickly prototype C programs using the Windows API, writing loaders, patchers, etc.

The flat assembler (fasm) can be very useful while reversing stuff. For example, you may want to create an executable from a binary payload (some people would call it a "shellcode to executable conversion") this way:

Also, there are many interesting source code examples in the %AppFolder%\fasm\examples directory.

A Python library that is handy for malware analysts. Go to retoolkit -> Programming -> Python Command Prompt, type python, and import malduck to use it. For example:

C:\Users\admin\AppData\Local\Programs\retoolkit\programming\winpython\scripts>python
Python 3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:38:34) [MSC v.1936 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> from malduck import aplib
>>>
>>> # Headerless compressed buffer
>>> aplib(b'T\x00he quick\xecb\x0erown\xcef\xaex\x80jumps\xed\xe4veur`t?lazy\xead\xfeg\xc0\x00')
b'The quick brown fox jumps over the lazy dog'

Check malduck's GitHub page for more examples.
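As an added example (not malduck's own code and not part of the original page), here is a minimal pure-Python port of the public aPLib depack algorithm, which is what malduck's aplib() applies to a headerless buffer like the one above. It is useful for checking a decompressed payload in an environment without malduck, and for understanding what a sample's own in-memory unpacking stub has to do; malformed or truncated input raises instead of producing silent garbage.

```python
def aplib_depack(src: bytes) -> bytes:
    """Decompress a headerless aPLib stream (the form passed to malduck's aplib() above)."""
    data = iter(src[1:])                     # next(data) raises StopIteration if the stream is truncated
    tag, left = 0, 0                         # current tag byte and number of unread bits in it
    def bit() -> int:                        # tag bits are consumed MSB-first, one tag byte at a time
        nonlocal tag, left
        if left == 0:
            tag, left = next(data), 8
        left -= 1
        return (tag >> left) & 1
    def gamma() -> int:                      # gamma-coded integer >= 2: a value bit, then a continue bit
        result = 1
        while True:
            result = (result << 1) | bit()
            if not bit():
                return result
    def copy(offs: int, length: int) -> None:
        if not 0 < offs <= len(out):
            raise ValueError(f"bad back-reference offset {offs}")
        for _ in range(length):              # byte-wise, so overlapping (run-length) copies work
            out.append(out[-offs])

    out = bytearray(src[:1])                 # the first byte is always stored verbatim
    r0, lwm = 0, False                       # r0: last match offset; lwm: last block was a short match
    while True:
        if not bit():                        # 0   : literal byte
            out.append(next(data)); lwm = False
        elif not bit():                      # 10  : gamma-coded offset and length
            offs = gamma()
            if not lwm and offs == 2:        # 2 means "reuse the previous offset"
                offs, length = r0, gamma()
            else:
                offs = ((offs - (2 if lwm else 3)) << 8) | next(data)
                length = gamma() + (offs >= 32000) + (offs >= 1280) + 2 * (offs < 128)
                r0 = offs
            copy(offs, length); lwm = False
        elif not bit():                      # 110 : 7-bit offset, 2- or 3-byte match
            b = next(data)
            if b >> 1 == 0:                  # offset 0 is the end-of-stream marker
                return bytes(out)
            copy(b >> 1, 2 + (b & 1)); r0, lwm = b >> 1, True
        else:                                # 111 : 4-bit offset, a single byte (offset 0 = a NUL byte)
            offs = sum(bit() << i for i in (3, 2, 1, 0))
            copy(offs, 1) if offs else out.append(0)
            lwm = False

# The headerless buffer from the session above, used as the sample input.
SAMPLE = b'T\x00he quick\xecb\x0erown\xcef\xaex\x80jumps\xed\xe4veur`t?lazy\xead\xfeg\xc0\x00'
```

Calling aplib_depack(SAMPLE) returns the same bytes malduck printed in the session above.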

Portable Python 3 interpreter, command prompt, GUI and famous tools all together. It is used in retoolkit mainly to execute the Python-based tools shipped with it, but you can also use it for doing whatever you want with Python. 🐍

Additionally, the following modules are already installed via pip:

autoit-ripper
dumpulator
lief
malduck
oletools
pefile
pywin32
requests
XLMMacroDeobfuscator