Analyzing & Extracting Strings
- Strings analysis is the process of extracting readable characters and words from the malware.
- Strings can give us valuable information about the malware's functionality.
- Malware will usually contain useful strings mixed in with random, meaningless strings, also known as garbage strings.
- Strings come in ASCII and Unicode form (on Windows, "Unicode" strings are UTF-16LE: each ASCII character followed by a zero byte). We need to specify which type of strings we want to extract during analysis, because some tools only extract ASCII by default (GNU strings, for example, needs the -e l option to find UTF-16LE strings).
- The types of strings we are looking for are:
  - File names
  - URLs (domains the malware connects to)
  - IP addresses
  - Registry keys
- Attackers may also include fake strings to disrupt our analysis, so a string in the file shows only that the malware could use it, not that it does.
- Note: Strings give us a glimpse of what the malware can do.
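The extraction and sorting described above, as an added worked example (this is not code from the original notes): a small Python script that pulls ASCII and UTF-16LE strings out of a byte buffer the way a strings utility does, keeps their file offsets, and buckets them into the categories listed above. The SAMPLE buffer is constructed here to stand in for a file's contents (it is not a real malware sample), and the category patterns are illustrative assumptions, not an exhaustive taxonomy; on a real file you would read its bytes instead.

```python
import re
from typing import Dict, List, Tuple

# Constructed stand-in for a file's bytes (NOT a real malware sample): junk
# bytes interleaved with ASCII strings and UTF-16LE ("Unicode") strings,
# the way a PE section mixes them.
SAMPLE = b"".join([
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00",                          # MZ-like header bytes
    b"kernel32.dll\x00",                                          # ASCII file name
    b"\x01\x02\x03",                                              # garbage
    b"http://example.invalid/update.php\x00",                     # ASCII URL
    b"\xff\xfe",                                                  # garbage (BOM-like)
    "C:\\Users\\Public\\svchost.exe".encode("utf-16-le"), b"\x00\x00",  # UTF-16LE path
    b"\x7f\x7f",                                                  # garbage
    b"192.168.56.101\x00\x01",                                    # ASCII IPv4 address
    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le"), b"\x00\x00",  # UTF-16LE autorun key
    b"ab\x00",                                                    # too short to report
    b"\x03\x00" * 4,
])

MIN_LEN = 4  # default minimum length used by GNU strings and Sysinternals strings

Found = Tuple[str, int, str]  # (encoding, file offset, decoded text)


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[Found]:
    """Find printable-ASCII runs and UTF-16LE runs (printable byte, 0x00 byte,
    repeated) of at least min_len characters, as strings -e l would."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found: List[Found] = []
    for m in ascii_re.finditer(data):
        found.append(("ascii", m.start(), m.group().decode("ascii")))
    for m in utf16_re.finditer(data):
        found.append(("utf-16le", m.start(), m.group().decode("utf-16-le")))
    found.sort(key=lambda f: f[1])  # report in file order, whatever the encoding
    return found


def _is_ipv4(s: str) -> bool:
    parts = s.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)


# Illustrative category patterns (assumptions chosen for this example).
URL_RE = re.compile(r"^(?:https?|ftp)://\S+$", re.IGNORECASE)
REG_RE = re.compile(r"^(?:HKEY_[A-Z_]+|HK(?:LM|CU|CR|U|CC)|SOFTWARE|SYSTEM)\\", re.IGNORECASE)
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)|\.(?:exe|dll|sys|bat|ps1|vbs|tmp|dat)$", re.IGNORECASE)


def classify(text: str) -> str:
    """Bucket one string into the categories the notes look for."""
    if URL_RE.match(text):
        return "url"
    if _is_ipv4(text):
        return "ipv4"
    if REG_RE.match(text):
        return "registry"
    if PATH_RE.search(text):
        return "file"
    return "other"


def triage(data: bytes, min_len: int = MIN_LEN) -> Dict[str, List[Found]]:
    """Extract every string and group the results by category."""
    buckets: Dict[str, List[Found]] = {}
    for item in extract_strings(data, min_len):
        buckets.setdefault(classify(item[2]), []).append(item)
    return buckets


if __name__ == "__main__":
    for enc, off, text in extract_strings(SAMPLE):
        print(f"{off:#08x}  {enc:<8}  {classify(text):<9}  {text}")
```

The offsets matter: once a string of interest is found, the offset is what you take into a disassembler to check whether any code actually references it, which is how a decoy string is told apart from one the malware uses. On a real file the command-line equivalents are strings -a -n 4 file (ASCII) and strings -a -e l -n 4 file (UTF-16LE) with GNU strings; Sysinternals strings reports both encodings unless told otherwise with -a or -u.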
Tools We Will Be Using
- The strings command-line utility
- Shell extensions
- Pestudio
- PEiD