How to extract strings from malware

String extraction should be straightforward, but it sometimes goes wrong because of different string encodings. For that reason, you should use multiple tools to extract the strings.

pestr is a Linux tool that will extract both ASCII and Unicode strings:

pestr sample.exe

pestr can also look only for strings related to networking:

pestr -net sample.exe

An alternative is to use the Linux strings command, but on its own it will only give you ASCII strings. Add --encoding=l to get Unicode (16-bit little-endian) strings, and always use -a to scan the whole file.

BinText for Windows is a GUI tool that will do the same.

PEStudio for Windows also contains a strings section.
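
Why the encoding matters, shown in Python as an added example (not code from this page or from any of the tools named above): an ASCII-only pass cannot see UTF-16LE ("wide") strings, so a second pass with a different pattern is needed. The sample buffer and every string in it are constructed for illustration.

```python
import re

MIN_LEN = 4  # minimum run length, the same default strings(1) uses

# Pass 1: runs of printable ASCII bytes (what a plain `strings -a` reports).
ASCII_RE = re.compile(rb"[\x20-\x7e\t]{%d,}" % MIN_LEN)
# Pass 2: UTF-16LE text in the ASCII range, i.e. printable byte + NUL byte,
# repeated (roughly what `strings -a --encoding=l` reports).
WIDE_RE = re.compile(rb"(?:[\x20-\x7e\t]\x00){%d,}" % MIN_LEN)


def extract_strings(data):
    """Return (offset, encoding, text) tuples for both passes, sorted by offset."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RE.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in WIDE_RE.finditer(data)]
    return sorted(found)


def missed_by_ascii_pass(data):
    """Strings that only the wide pass finds, i.e. what one tool alone would drop."""
    return [text for _, enc, text in extract_strings(data) if enc == "utf-16le"]


# Constructed sample: a fake header, two ASCII strings and two wide strings,
# separated by non-printable bytes so the runs do not bleed into each other.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"This program cannot be run in DOS mode."
    + b"\x00\xff\xff"
    + "http://example.invalid/update".encode("utf-16-le")
    + b"\x00\x00\xff\xff"
    + b"kernel32.dll"
    + b"\x00\xff\xff"
    + "Software\\Example\\Run".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE):
        print(f"{offset:#06x}  {enc:<8}  {text}")
    print("ASCII-only pass would miss:", missed_by_ascii_pass(SAMPLE))
```

The wide pattern only covers UTF-16LE text in the ASCII range; strings in other scripts or encodings need further patterns, which is one more reason to cross-check with several tools.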