Analyzing & Extracting Strings
Strings Analysis – This is the process of extracting readable characters and words from the malware.
Strings can give us valuable information about the malware functionality.
Malware will usually contain useful strings and other random strings, also known as garbage strings.
Strings are in ASCII and Unicode format. ( We need to specify the type of strings we want to extract during analysis, as some tools only extract ASCII.
The types of strings we are looking for are:
- File names
- URL’s (Domains the malware connects to)
- IP Addresses
- Registry Keys
Attackers may also include fake strings to disrupt our analysis.
Note: Strings give us a glimpse of what the malware can do.
Tools We Will Be Using
- Strings command line utility.
- Shell extensions