Cards: 18
Learners: 0
Language: English
Level: University
Created / Updated: 19.06.2019 / 19.06.2019
Licensing: not specified
0 exact answers, 18 text answers, 0 multiple-choice answers

Why is it important to extract and analyze strings from processes / binaries?

The dumped strings may contain:

  • C2 (command-and-control) commands
  • C2 URLs
  • Filesystem paths
  • Malware names
  • Names of AV processes to kill
  • Malware log messages
  • ...

In some cases the strings alone are sufficient to identify a sample, or at least to develop a first understanding of the sample's capabilities. Keep in mind that packed or encrypted samples reveal few meaningful strings until they are unpacked or dumped from memory at runtime, and that the strings can be planted to mislead an analyst.


How can strings be extracted from processes and binaries?

Simply run strings on dumped (and unpacked) process memory, DLLs, etc.

On Linux, GNU strings reports only 7-bit ASCII strings by default, so two invocations are needed: one for ASCII strings and one for UTF-16LE strings (the "wide" strings that Windows APIs call Unicode, which Windows malware uses heavily). The option -e l selects 16-bit little-endian encoding (-e b for big-endian); -t x prefixes each string with its file offset, which helps when locating it again in a disassembler or hex editor.

strings -el memory.bin

strings memory.bin
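To make clear what the two invocations above actually do, here is an added Python example (written for this page, not part of the original card set) that reimplements both passes of strings over a constructed byte blob and then buckets the results by the indicator categories named on the first card. The sample bytes, the URL, the paths and the indicator patterns are all constructed for illustration and are not taken from any real sample.

```python
import re
from typing import Iterable

# Constructed sample "process dump": a few ASCII strings and a few UTF-16LE
# ("wide") strings scattered between junk bytes. Not from any real malware.
SAMPLE = (
    b"\x00\x01\x02MZ\x90\x00"
    + b"http://example.invalid/gate.php\x00"
    + b"\x7f\x03"
    + "C:\\Users\\Public\\update.exe".encode("utf-16-le")
    + b"\x00\x00"
    + b"taskkill /IM MsMpEng.exe /F\x00"
    + b"\xff\xfe"
    + "cmd.exe /c ".encode("utf-16-le")
    + b"\x00\x00ab\x01"  # "ab" is shorter than MIN_LEN and must not be reported
    + b"Log: beacon sent\x00"
)

MIN_LEN = 4  # same default minimum length as GNU strings (-n 4)


def ascii_strings(data: bytes, min_len: int = MIN_LEN) -> list[tuple[int, str]]:
    """What plain `strings` reports: runs of printable 7-bit characters,
    returned as (offset, text) like `strings -t x`."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pat.finditer(data)]


def wide_strings(data: bytes, min_len: int = MIN_LEN) -> list[tuple[int, str]]:
    """What `strings -e l` reports: a printable character followed by a 0x00
    byte, repeated (UTF-16LE with ASCII-range code points). Plain `strings`
    misses these because every other byte is a NUL."""
    pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [(m.start(), m.group().decode("utf-16-le")) for m in pat.finditer(data)]


def all_strings(data: bytes, min_len: int = MIN_LEN) -> list[tuple[int, str, str]]:
    """Both passes merged and sorted by offset, tagged with their encoding,
    which is how an analyst would combine the two strings invocations."""
    found = [(off, "ascii", s) for off, s in ascii_strings(data, min_len)]
    found += [(off, "utf-16le", s) for off, s in wide_strings(data, min_len)]
    return sorted(found)


# Illustrative triage patterns for the categories on the first card
# (C2 URLs, filesystem paths, AV-killing commands, shell usage). A real
# triage list would be far longer; these are assumptions for the example.
INDICATORS = {
    "c2_url": re.compile(r"https?://\S+"),
    "path": re.compile(r"^[A-Za-z]:\\"),
    "kill_av": re.compile(r"\btaskkill\b|MsMpEng\.exe", re.IGNORECASE),
    "shell": re.compile(r"\bcmd\.exe\b|\bpowershell\b", re.IGNORECASE),
}


def triage(strings: Iterable[str]) -> dict[str, list[str]]:
    """Bucket extracted strings by the indicator patterns they match."""
    hits: dict[str, list[str]] = {name: [] for name in INDICATORS}
    for s in strings:
        for name, pat in INDICATORS.items():
            if pat.search(s):
                hits[name].append(s)
    return hits


if __name__ == "__main__":
    for off, enc, s in all_strings(SAMPLE):
        print(f"{off:#08x} {enc:8} {s}")
    for name, matched in triage(s for _, _, s in all_strings(SAMPLE)).items():
        print(name, matched)
```

Run it as is and note that the ASCII pass sees none of the wide strings and vice versa: the path and the cmd.exe fragment only appear in the second pass, which is exactly why a single strings run over a Windows memory dump is not enough.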