This is a non-IMPACT record, meaning that access to the data is not
controlled by IMPACT. For access, see the directions below.
Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.
Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.
Summary
DS-1218
FireEye Labs Obfuscated String Solver (FLOSS)
External Tool
External Data Source
GitHub
Unknown
Unknown
56 (lowest rank is 56)
Description
Automatically extract obfuscated strings from malware.
Rather than heavily protecting backdoors with hardcore packers, many malware authors evade heuristic detections by obfuscating only key portions of an executable. Often, these portions are strings and resources used to configure domains, files, and other artifacts of an infection. These key features will not show up as plaintext in output of the strings.exe utility that we commonly use during basic static analysis.
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like strings.exe to enhance basic static analysis of unknown binaries.
Additional Details
475B
false
Unknown
obfuscated, fireeye, labs, string, solver, floss, fireeye labs obfuscated string solver (floss), 1218, external, inferlink, corporation, inferlink corporation, source, external data source, strings, malware, automatically, extract, analysis, static, key, exe, basic, binaries, portions, deobfuscate, features, output, enhance, advanced, hardcore, domains, heuristic, resources, plaintext, heavily, configure, evade, unknown, utility, backdoors, commonly, techniques, files, protecting, artifacts, authors, infection, other, obfuscating, detections, packers, executable