Static analysis

Static malware analysis

Sysinternal strings help

Extract strings

PE, Rokrat, Strings
Extracting strings is an important step in malware analysis. In this post we will concentrate on static analysis and learn how we can extract/interpret strings from malware. You can download Rokrat (MD5: b441d9a75c60b222e3c9fd50c0d14c5b) from VirusTotal / VirusBay / ANY.RUN. Why do we need to do this? Guess the malware functionality based on…