All language subtitles for 5. Strings

Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:

1
00:00:00,000 --> 00:00:07,700
Welcome and thanks for watching, on this lesson we'll keep looking for malware functionalities in strings

2
00:00:09,166 --> 00:00:13,999
Strings are sequences of characters embedded within our malware sample.

3
00:00:14,000 --> 00:00:18,366
These characters contain clues about malware functionality

4
00:00:20,566 --> 00:00:30,466
you could find Command and Control domain names, URLs, file names that malware is creating, APIs the malware is using and so on.

5
00:00:34,566 --> 00:00:38,566
let's start our Windows virtual machine

6
00:00:47,466 --> 00:00:54,532
OK then, we are going to extract strings from our binary Rams1

7
00:00:54,533 --> 00:00:58,699
first tool we'll try is floss

8
00:00:58,700 --> 00:01:04,900
it's easier if you just copy Rams1 in floss folder

9
00:01:04,900 --> 00:01:10,900
floss is a console application, I have it ready here

10
00:01:10,900 --> 00:01:26,766
in my case I download floss in my C drive, folder floss, then just type floss sixty four space Rams1.exe

11
00:01:29,200 --> 00:01:38,200
what we're seeing here, is floss getting all strings it can, from our Rams1 binary

12
00:01:38,833 --> 00:01:44,833
you will always get this cannot run in DOS, just ignore it

13
00:01:47,366 --> 00:01:54,366
so we start inspecting this and we'll find some interesting strings

14
00:02:01,500 --> 00:02:11,500
and look what we have here, this link could be a Command and Control center this malware is connecting to

15
00:02:11,500 --> 00:02:18,500
here we see something else, it's the rescue note, this ransomware is dropping.

16
00:02:27,000 --> 00:02:34,133
if you keep digging you probably find functions, APIs and so on.

17
00:02:44,166 --> 00:02:50,166
OK, now we'll see this in bintext tool, as I told you before you should try more than one

18
00:02:50,166 --> 00:02:55,166
because one tool could extract strings that others can't

19
00:02:55,333 --> 00:02:59,333
so let's open this and upload our binary

20
00:03:10,200 --> 00:03:14,200
and there we go

21
00:03:21,366 --> 00:03:26,399
that's it, for starters these tools are enough.

22
00:03:28,900 --> 00:03:33,966
Thanks for watching and please join me on next static analysis lesson
