search

brad-sp / cuckoo-modified

Modified edition of cuckoo
271 stars 100 forks source link

Strings output is giving less informations than a real strings command #193

Closed jmigot-tehtris closed 9 years ago

jmigot-tehtris commented 9 years ago

An example with this file : https://www.virustotal.com/en/file/1348b42e0ccc4f14ec10579975acd11e98337f2e2ce2cb7e7d8aa53240fcc95b/analysis/

Strings from cuckoo-modified give only these two lines :

    "strings": [
        "Ku;LX", 
        "z<q%?"
    ],

while a real strings command would give much more potential valuable informations :

[ . . . ]
[Content_Types].xmlPK
_rels/.relsPK
word/_rels/document.xml.relsPK
word/document.xmlPK
word/theme/theme1.xmlPK
word/vbaProject.binPK
word/_rels/vbaProject.bin.relsPK
word/vbaData.xmlPK
word/settings.xmlPK
word/styles.xmlPK
word/numbering.xmlPK
docProps/core.xmlPK
word/fontTable.xmlPK
word/webSettings.xmlPK
docProps/app.xmlPK

I know you have modified the strings behaviour in a previous commit to eliminate some garbage strings, but maybe this is too sharpened now ?

brad-sp commented 9 years ago

See: https://github.com/brad-accuvant/cuckoo-modified/issues/49

jmigot-tehtris commented 9 years ago

Ok sorry, I didn't see this option.