5247a58da4
ok benoit@.
11 lines
662 B
Plaintext
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis
techniques to automatically deobfuscate strings from malware binaries. You can
use it just like strings.exe to enhance basic static analysis of unknown
binaries.

Rather than heavily protecting backdoors with hardcore packers, many malware
authors evade heuristic detections by obfuscating only key portions of an
executable. Often, these portions are strings and resources used to configure
domains, files, and other artifacts of an infection. These key features will not
show up as plaintext in the output of the strings.exe utility that is commonly
used during basic static analysis.