# Strings and Imports

"Strings" are essentially the ASCII / Text contents of a program...this could be anything from passwords for self-extracting zips, to bitcoin addresses in ransomware samples.

Such as that in the example above, when analysing the contents of these strings, we can sometimes paint a fairly indicative picture of the behaviours of the programme - bitcoin wallets being used in ransomware. We can see some strings look like Windows APIs. For example, `CloseHandle`, `GetExitCodeProcess`, `TerminateProcess`

```
user@machine$ strings wannacry
!This program cannot be run in DOS mode.
Rich
.text
`.rdata
@.data
```

{% embed url="<https://learn.microsoft.com/en-us/sysinternals/downloads/strings>" %}

{% embed url="<https://github.com/horsicq/Detect-It-Easy>" %}

{% embed url="<https://www.pe-explorer.com/>" %}

### Imports

<figure><img src="https://195908312-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fngh2Qug3BBWIjUTvw9ZY%2Fuploads%2FZrbFhjlyEbQhf62iiwYm%2Fimage.png?alt=media&#x26;token=be9d3b8c-9938-4ab2-aab2-287c07ae6e18" alt=""><figcaption></figcaption></figure>