strdeob.pl

Description

This script will attempt to print stack strings discovered in the provided executable. The formatting isn’t the best, but it gets the job done.

Platform: Linux
Author: TotalHash
License: Free
URL: https://github.com/REMnux/distro/blob/master/files/strdeob.pl

Usage

Usage: strdeob.pl <file>

Examples

 strdeob.pl file.exe

In this example, strdeob.pl outputs what it believes are stack strings from file.exe.

remnux@remnux:~/malware/day5$ strdeob.pl 9.exe
user32.dll\Program Files\Common Files\WinSta0\DefaultTLSrundll32.exeimm32.dllImmInstallIMEAimm32.dllImmGetIMEFileNameAdragonnest.exednlauncher.exexcb.datKernel32.dllLoadLibraryExWimeutil.exesgtool.exedragonnest.exednlauncher.exeqqlogin.exeiexplore.exexcb.dat\Program Files\Common Files\\Program Files\Common Files\dragonnest.exexcb.datKernel32.dllLoadLibraryExWV
...0+%|w?t=%s&a=%s&s=%s&sp=%s&r=%s&tn=%d&mb=%s&bsmb=%d&pin=%s&pin2=%s&cap=%d&hsn=%s&GA=%sdelphi.}.YWININET.dllInternetWriteFileHttpOpenRequestAHttpSendRequestExAHttpEndRequestAInternetConnectA?action=testlock&u=%s?action=breakline&u=%s?action=exception&u=%s?action=destroy&u=%s?action=frozen&u=%s?action=getproc&u=%s?action=playerlogin&u=%s
ws2_32.dllrecvrecvfromIphlpapi.dllGetAdaptersInfo8ui1qw31adSoftware\Nexon\CStrike-Online\SettingsRegionCodeexplorer.exerundll32.execonfig.exesogou360safe.exe360tray.exeexplorer.exe..YU..6..2.EZ.~..c
.
..Mup........cD............uP.d...
^H.~h
..A.B...
.I.
.8.
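
To show what a "stack string" looks like at the byte level, here is an added Python sketch; it is not strdeob.pl's code, and this page does not describe how strdeob.pl works internally. It assumes 32-bit x86 code that builds strings with immediate stores to [ebp+disp8] or [esp+disp8]; the names `stack_strings`, `signed8`, `STORE` and `SAMPLE` are hypothetical, and the sample bytes are constructed.

```python
import re

# Heuristic byte scan, no disassembly, so false positives are possible.
# 32-bit x86 immediate stores to a stack slot:
#   C6 45 d8 ib / C6 44 24 d8 ib   mov byte  ptr [ebp|esp+disp8], imm8
#   C7 45 d8 id / C7 44 24 d8 id   mov dword ptr [ebp|esp+disp8], imm32
STORE = re.compile(
    rb"\xC6(?:\x45|\x44\x24)(?P<d8>.)(?P<b>.)"
    rb"|\xC7(?:\x45|\x44\x24)(?P<d32>.)(?P<dw>.{4})",
    re.DOTALL,
)

def signed8(raw):
    """Interpret a one-byte displacement as a signed stack offset."""
    return raw[0] - 256 if raw[0] > 127 else raw[0]

def stack_strings(code, min_len=4):
    """Return printable strings built by runs of back-to-back immediate stores."""
    found, slots, pos = [], {}, 0

    def flush():
        # Lay stored bytes out by stack offset, then keep printable ASCII runs.
        if slots:
            image = bytes(slots.get(o, 0) for o in range(min(slots), max(slots) + 1))
            for run in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, image):
                found.append(run.decode("ascii"))
        slots.clear()

    while pos < len(code):
        m = STORE.match(code, pos)
        if m is None:
            flush()  # any other byte ends the current run of stores
            pos += 1
            continue
        if m.group("b") is not None:
            slots[signed8(m.group("d8"))] = m.group("b")[0]
        else:
            base = signed8(m.group("d32"))
            for i, value in enumerate(m.group("dw")):
                slots[base + i] = value
        pos = m.end()
    flush()
    return found

# Constructed sample (not taken from 9.exe): a prologue, byte stores issued in
# reverse order that spell "cmd.exe", a nop, then two dword stores for "user32".
SAMPLE = (
    b"\x55\x8b\xec\x83\xec\x10"
    + b"".join(b"\xc6\x45" + bytes([0xF7 - i, c]) for i, c in enumerate(b"\x00exe.dmc"))
    + b"\x90" + b"\xc7\x45\xf8" + b"user" + b"\xc7\x45\xfc" + b"32\x00\x00" + b"\xc9\xc3"
)
```

Calling `stack_strings(SAMPLE)` recovers both strings even though neither appears contiguously in the file, which is why a plain `strings` pass misses them.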

Blog Posts