Malware Analysis – Extracting Strings

Analyzing & Extracting Strings

  • Strings Analysis – This is the process of extracting readable characters and words from the malware.

  • Strings can give us valuable information about the malware functionality.

  • Malware will usually contain useful strings and other random strings, also known as garbage strings.

  • Strings come in ASCII and Unicode (UTF-16) format. We need to specify which type we want to extract during analysis, because some tools only extract ASCII strings and will silently miss the Unicode ones.

  • The types of strings we are looking for are:

    • File names
    • URLs (domains the malware connects to)
    • IP addresses
    • Registry keys

  • Attackers may also include fake strings to disrupt our analysis.

Note: Strings give us a glimpse of what the malware can do.
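An added example (not from the original notes) of what a strings extractor does under the hood: it pulls both ASCII and UTF-16LE runs out of a constructed byte buffer and buckets them into the indicator types listed above. The buffer, the URL, the IP address and the paths are all made-up sample values, and the classification patterns are simple assumptions for illustration, not a complete ruleset.

```python
import re

# Constructed sample buffer standing in for a malware binary (not a real sample).
# It mixes ASCII strings, UTF-16LE ("Unicode") strings and garbage bytes.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"                                   # PE-like header bytes
    + b"C:\\Windows\\Temp\\update.exe\x00"                   # ASCII file path
    + b"\x01\x02\xff"                                        # garbage
    + "http://update.example.invalid/gate.php".encode("utf-16-le") + b"\x00\x00"
    + b"192.0.2.10\x00"                                      # ASCII IP address
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"  # ASCII registry key
    + b"\x7fG\x02z"                                          # garbage
    + "kernel32.dll".encode("utf-16-le")                     # Unicode DLL name
)

def extract_strings(data: bytes, min_len: int = 4):
    """Return (encoding, text) pairs for printable runs of at least min_len chars.
    ASCII runs are bytes 0x20-0x7e; Unicode runs are the same characters in
    UTF-16LE, i.e. each printable byte followed by a NUL. An ASCII-only scanner
    sees the UTF-16 strings as isolated single characters and drops them."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [("ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [("unicode", m.group().decode("utf-16-le")) for m in utf16_re.finditer(data)]
    return found

def classify(text: str) -> str:
    """Bucket a string into the indicator types from the notes; 'other' catches
    garbage strings and anything these (assumed) patterns cannot label."""
    if re.fullmatch(r"(?:\d{1,3}\.){3}\d{1,3}", text):
        return "ip"
    if re.match(r"https?://", text, re.I):
        return "url"
    if re.match(r"(?:HKEY_[A-Z_]+\\|Software\\|SYSTEM\\)", text, re.I):
        return "registry"
    if re.search(r"\.(?:exe|dll|sys|bat|ps1)$", text, re.I):
        return "file"
    return "other"

def triage(data: bytes, min_len: int = 4) -> dict:
    """Group extracted strings by indicator type so paths, URLs, IPs and
    registry keys stand out from the garbage."""
    buckets: dict = {}
    for encoding, text in extract_strings(data, min_len):
        buckets.setdefault(classify(text), []).append((encoding, text))
    return buckets

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        for encoding, text in items:
            print(f"{kind:9}{encoding:8}{text}")
```

Raising `min_len` trims garbage at the cost of short legitimate strings, which is the same trade-off the `-n` option of the strings utility exposes.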

Tools We Will Be Using

  • Strings command line utility
  • Shell extensions
  • PEstudio
  • PEiD