About this Feature
Unlike binary code, strings are typically easier to interpret. Extracting relevant strings can provide context about the program's functionality and reveal indicators associated with a suspect binary. Strings can be references to filenames, domain names, URLs, IP addresses, attack commands, registry keys and more. Although they do not always paint a clear picture of the purpose or capability of a file, certain strings can provide a hint about what a piece of malware is capable of doing.
Pivot Between Related Samples
In addition to viewing related samples based on code reuse, users can also pivot between different malware samples that share strings. This can widen your investigation and be used to gather additional intel about a potential incident or targeted attack against your organization.