Extracting Strings

Analyzing Strings

This is the process of extracting readable characters and words from the malware.

Strings can give us valuable information about the malware functionality.

Malware will usually contain useful strings and other random strings, also known as garbage strings.

Strings are stored in either ASCII or Unicode (wide-character) format. We need to specify which type we want to extract during analysis, since some tools only extract ASCII strings by default and would miss the Unicode ones.

The types of strings we are looking for are:

  • File names;

  • URLs (Domains the malware connects to);

  • IP Addresses;

  • Registry Keys.
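As an added example (not part of the original notes), a small Python script that pulls both ASCII and UTF-16LE strings out of a byte buffer and sorts them into the indicator types listed above. The sample bytes are constructed to stand in for a malware file, and the classification regexes are simplified assumptions, not the rules of any particular tool.

```python
import re
from typing import Dict, List, Tuple

# Constructed stand-in for a malware sample: ASCII strings, UTF-16LE strings
# and junk bytes mixed together. No real file is read.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"C:\\Windows\\Temp\\update.exe\x00\x00"
    + "http://example.com/payload".encode("utf-16le") + b"\x00\x00\xff\xfe"
    + b"192.168.1.20\x00\x00"
    + "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le")
    + b"\x7f\x7f\x00!@#\x00ab\x00"
)

def extract_strings(data: bytes, min_len: int = 4) -> List[Tuple[str, str]]:
    """Return (encoding, text) pairs for every ASCII and UTF-16LE run of
    at least min_len printable characters, ASCII hits first."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE "Unicode" strings: each printable byte is followed by a NUL,
    # which is why ASCII-only extractors miss them.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [("ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [("utf-16le", m.group().decode("utf-16le")) for m in wide_re.finditer(data)]
    return found

# The indicator types listed above. Patterns are intentionally simple;
# a real triage script would tighten them.
CLASSIFIERS = {
    "url": re.compile(r"^(?:https?|ftp)://\S+$", re.I),
    "ip": re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$"),
    "registry": re.compile(r"^(?:HKLM|HKCU|HKCR|HKU|HKEY_[A-Z_]+)\\", re.I),
    "filename": re.compile(r"^(?:[A-Za-z]:\\|\\\\)?[\w\\\-. ]+\.(?:exe|dll|sys|bat|ps1|vbs)$", re.I),
}

def classify(text: str) -> str:
    """Label a string by indicator type; 'other' covers garbage and the rest."""
    for label, pattern in CLASSIFIERS.items():
        if pattern.match(text):
            return label
    return "other"

def interesting_strings(data: bytes) -> Dict[str, List[str]]:
    """Group the extracted strings by indicator type, dropping 'other'."""
    out: Dict[str, List[str]] = {}
    for _enc, text in extract_strings(data):
        label = classify(text)
        if label != "other":
            out.setdefault(label, []).append(text)
    return out
```

Running `interesting_strings(SAMPLE)` yields one entry per indicator type; the junk runs such as `!@#` fall below the minimum length or land in `other` and are dropped.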

Notes

Attackers may also include fake strings to disrupt our analysis.

Strings give us a glimpse of what the malware can do.

Tools

  • Strings command line utility

  • Shell extensions

  • Pestudio

  • PEiD
