search

mandiant / flare-floss

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Apache License 2.0
3.17k stars 445 forks source link

rust: lots of junk strings #931

Open williballenthin opened 8 months ago

williballenthin commented 8 months ago

image

from https://www.virustotal.com/gui/file/ef01c77275359e1399b9d2a7a1bc12e440d6cfc143e143237dc40918bab973fe

 ─────────────────────────── 
  FLOSS RUST STRINGS (9782)  
 ─────────────────────────── 

82J@
82J@
@4J@
,vJ@
/rustc/2c8cc343237b8f7d5a3c3703e3a87f2eb2c54a74\library\std\src\io\mod.rs
failed to write whole buffer
C:\Users\user\.cargo\registry\src\github.com-1ecc6299db9ec823\aes-0.7.5\src\ni\utils.rs
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
 GK@
it4ch1-007 commented 1 week ago

I would like to work on this issue. Do u want to just ignore the junk strings and remove them?

williballenthin commented 1 week ago

yes. we'd like to understand why they are being identified and then update the algorithm so that they're no longer extracted.