Extracting Strings

Analyzing Strings

This is the process of extracting readable characters and words from the malware.

Strings can give us valuable information about the malware functionality.

Malware will usually contain useful strings and other random strings, also known as garbage strings.

Strings are in ASCII and Unicode format. (We need to specify the type of strings we want to extract during analysis, as some tools only extract ASCII)

The types of strings we are looking for are:

File names;
URLs (Domains the malware connects to);
IP Addresses;
Registry Keys.

Notes

Attackers may also include fake strings to disrupt our analysis.

Strings give us a glimpse of what the malware can do.

Tools

Strings command line utility
Shell extensions
Pestudio
peid

PreviousGenerating Malware Hashes NextPackers & Unpacking

Last updated 2 years ago

Extracting Strings

Analyzing Strings

This is the process of extracting readable characters and words from the malware.

Strings can give us valuable information about the malware functionality.

Malware will usually contain useful strings and other random strings, also known as garbage strings.

Strings are in ASCII and Unicode format. (We need to specify the type of strings we want to extract during analysis, as some tools only extract ASCII)

The types of strings we are looking for are:

File names;
URLs (Domains the malware connects to);
IP Addresses;
Registry Keys.

Notes

Attackers may also include fake strings to disrupt our analysis.

Strings give us a glimpse of what the malware can do.

Tools

Strings command line utility
Shell extensions
Pestudio
peid

PreviousGenerating Malware Hashes NextPackers & Unpacking

Last updated 2 years ago