Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Readme
The FLARE Obfuscated String Solver (FLOSS, formerly FireEye Labs Obfuscated String Solver) uses advanced
static analysis techniques to automatically extract and deobfuscate all strings from
malware binaries. You can use it just like strings.exe
to enhance the
basic static analysis of unknown binaries.
Rather than heavily protecting backdoors with hardcore packers, many
malware authors evade heuristic detections by obfuscating only key
portions of an executable. Often, these portions are strings and resources
used to configure domains, files, and other artifacts of an infection.
These key features will not show up as plaintext in the output of the strings.exe
utility
that we commonly use during basic static analysis.
FLOSS extracts all the following string types:
Please review the theory behind FLOSS here.
Our blog post talks more about the motivation behind FLOSS and details how the tool works.
FLOSS version 2.0 updates are detailed in this blog post.
Not all compilers use string formats that the classic strings.exe
algorithm supports. For example, if strings are UTF-8 encoded or stored without a NULL-terminator. FLOSS can identify and extract strings from programs compiled from the following languages:
The strings FLOSS extracts specific to a compiler are much easier to inspect by humans.
Please consult the documentation to learn more about the language-specific string extraction.
To use FLOSS, download a standalone executable file from the releases page: https://github.com/mandiant/flare-floss/releases
See the installation documentation for a detailed description of all methods to install FLOSS.
Extract obfuscated strings from a malware binary:
$ floss malware.exe
Only extract stack and tight strings:
$ floss --only stack tight -- suspicious.exe
Do not extract static strings:
$ floss --no static -- backdoor.exe
Display the help/usage screens:
$ floss -h # show core arguments
$ floss -H # show all supported arguments
For a detailed description of using FLOSS, review the documentation here.
FLOSS also contains additional Python scripts in the scripts directory which can be used to load its output into other tools such as Binary Ninja or IDA Pro. For detailed description of these scripts review the documentation here.
FAQs
FLARE Obfuscated String Solver
We found that flare-floss demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.