http://reversingminds-blog.logdown.com/posts/7369479
A python script using radare2 for decrypt and patch the strings of GootKit malware
-o [JSON|PLAINTEXT] print decrypted strings in the given format
patch_gootkit.py unpacked_gootkit.exe
patch_gootkit.py unpacked_gootkit.exe -o
patch_gootkit.py unpacked_gootkit.exe -o json
unpacked_gootkit.exe__patched