Strings are textual artifacts extracted from a file and compared to Intezer’s vast code database for any matches to previously seen legitimate or malicious software. Strings can provide additional context about the nature of a threat.
About this Feature
Strings are typically easier to interpret than binary code. Extracting relevant strings can provide context about a program's functionality and about indicators associated with a suspect binary. Strings can be references to filenames, domain names, URLs, IP addresses, attack commands, registry keys and more. Although they do not always paint a clear picture of the purpose or capability of a file, certain strings can hint at what a piece of malware is capable of doing.
Pivot Between Related Samples
In addition to viewing related samples based on code reuse, users can also pivot between different malware samples that share strings. This can widen your investigation and be used to gather additional intel about a potential incident or targeted attack against your organization.
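The extraction and the string-based pivot described above can be illustrated with a short Python example; it is added here and is not Intezer's implementation. It pulls ASCII and UTF-16LE strings from raw bytes, labels them with the indicator types the text lists, and reports strings shared by more than one sample. The minimum length, the regex patterns, the function names and the sample bytes are all assumptions constructed for the illustration.

```python
import re
from collections import defaultdict

MIN_LEN = 6  # assumption: shorter printable runs are mostly noise
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)  # UTF-16LE, common in Windows binaries

# Indicator types named in the text; patterns are simplified assumptions.
CATEGORIES = [
    ("url", re.compile(r"^[a-z][a-z0-9+.-]*://\S+$", re.I)),
    ("ip", re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")),
    ("registry_key", re.compile(r"^(?:HKLM|HKCU|HKEY_[A-Z_]+|SOFTWARE)\\", re.I)),
    ("filename", re.compile(r"^[\w .\\/:-]+\.(?:exe|dll|sys|bat|ps1)$", re.I)),
    ("domain", re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)),
]

def extract_strings(data: bytes) -> set:
    """Return printable ASCII and UTF-16LE runs of at least MIN_LEN characters."""
    found = {m.group().decode("ascii") for m in ASCII_RE.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in UTF16_RE.finditer(data)}
    return found

def classify(s: str) -> str:
    """Label a string with the first matching indicator type, else 'other'."""
    for name, pattern in CATEGORIES:
        if pattern.search(s):
            return name
    return "other"

def shared_strings(samples: dict) -> dict:
    """Map each string found in two or more samples to the samples containing it."""
    index = defaultdict(set)
    for name, data in samples.items():
        for s in extract_strings(data):
            index[s].add(name)
    return {s: names for s, names in index.items() if len(names) > 1}

# Constructed sample bytes (not real malware); hosts and IP use reserved test ranges.
SAMPLES = {
    "sample_a": b"MZ\x90\x00http://c2.example.test/gate.php\x00\x01\x02"
    + "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x00\x00192.0.2.15\x00",
    "sample_b": b"\x7fELF\x00192.0.2.15\x00dropper_stage2.exe\x00http://c2.example.test/gate.php\x00",
    "sample_c": b"\x00benign-tool.example.test\x00update.exe\x00",
}

if __name__ == "__main__":
    for s, names in sorted(shared_strings(SAMPLES).items()):
        print(f"{classify(s):<12} {s}  shared by {sorted(names)}")
```

Only the URL and the IP address appear in two samples, so those are the strings an analyst would pivot on; the registry key is recovered only because the UTF-16LE pass is included.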