June 2018
Beginner
510 pages
13h 7m
English
Content preview from Learning Malware Analysis
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
1.2.4 Identifying Base64
You can identify a binary using base64 encoding by looking for a long string comprising the Base64 character set (alphanumeric characters, + and /). The following screenshot shows the Base64 character set in the malicious binary, suggesting that malware probably uses Base64 encoding:
You can use the strings cross-references feature (covered in Chapter 5) to locate the code where the Base64 character set is being used, as shown in the following screenshot. Even though it is not necessary to know where the Base64 character set is used in the code to decode Base64 data, sometimes, locating it can be useful, such as in ...