Strings and Imports

"Strings" are essentially the ASCII / Text contents of a program...this could be anything from passwords for self-extracting zips, to bitcoin addresses in ransomware samples.

Such as that in the example above, when analysing the contents of these strings, we can sometimes paint a fairly indicative picture of the behaviours of the programme - bitcoin wallets being used in ransomware. We can see some strings look like Windows APIs. For example, CloseHandle, GetExitCodeProcess, TerminateProcess

user@machine$ strings wannacry
!This program cannot be run in DOS mode.
Rich
.text
`.rdata
@.data

Strings - SysinternalsMicrosoftLearn

GitHub - horsicq/Detect-It-Easy: Program for determining types of files for Windows, Linux and MacOS.GitHub

PE Explorerwww.pe-explorer.com

Imports