June 2018
Beginner
510 pages
13h 7m
English
Content preview from Learning Malware Analysis
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
4.2 Decoding Obfuscated Strings Using FLOSS
Most of the times, malware authors use simple string obfuscation techniques to avoid detection. In such cases, those obfuscated strings will not show up in the strings utility and other string extraction tools. FireEye Labs Obfuscated String Solver (FLOSS) is a tool designed to identify and extract obfuscated strings from malware automatically. It can help you determine the strings that malware authors want to hide from string extraction tools. FLOSS can also be used just like the strings utility to extract human-readable strings (ASCII and Unicode). You can download FLOSS for Windows or Linux from https://github.com/fireeye/flare-floss.
In the following example, running a FLOSS standalone binary ...