strings.exe
- File Path:
C:\SysinternalsSuite\strings.exe
- Description: Search for ANSI and Unicode strings in binary images.
Hashes
| Type |
Hash |
| MD5 |
992D1846178BC7002BE95BE71D4722CB |
| SHA1 |
E414CB3DCD457998E2F31585C2EF5E4A08EB48B1 |
| SHA256 |
8EF3019ACE33AD1C54004BF00538266F8BC4595275DB89B1484DB352C770A67F |
| SHA384 |
2C7EFFF535DBAE481BA0CE7AD5D2A0B3A4DFD76E157A9CE7DC694643D67C16EC6EBA0D7EEB479455CDD0B8F5B917030D |
| SHA512 |
F7A3A910534B6132D5DAB619DAEFC59DB5E35575DC0FCF97E8D8EDB12A50ECAE767B4A6BF3C8CF28AF67DB4CCB4F474A740E6940F948347CC389368FD7C1C1BC |
| SSDEEP |
6144:hlfIp6fYi/Jd5KkuaV/yuoDPBcUGX87Lc7yF:hup6Yi/JrKpaVqupXz |
| IMP |
CDC0BDDD514E6D3C047926379E3C9A62 |
| PESHA1 |
21D20AA697FAF24D3A9D37F9540DE5FDCE6F25FA |
| PE256 |
0C2ED54FB700C468E7F8F90F3CB4221561913143195B0FAE877277558FF7F38A |
Runtime Data
Usage (stdout):
Strings v2.53 - Search for ANSI and Unicode strings in binary images.
Copyright (C) 1999-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
usage: C:\SysinternalsSuite\strings.exe [-a] [-f offset] [-b bytes] [-n length] [-o] [-s] [-u] <file or directory>
-a Ascii-only search (Unicode and Ascii is default)
-b Bytes of file to scan
-f File offset at which to start scanning.
-o Print offset in file string was located
-n Minimum string length (default is 3)
-s Recurse subdirectories
-u Unicode-only search (Unicode and Ascii is default)
-nobanner
Do not display the startup banner and copyright message.
Usage (stderr):
No matching files were found.
Loaded Modules:
| Path |
| C:\SysinternalsSuite\strings.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
33000001519E8D8F4071A30E41000000000151
- Thumbprint:
62009AAABDAE749FD47D19150958329BF6FF4B34
- Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: strings.exe
- Product Name: Sysinternals Strings
- Company Name: Sysinternals - www.sysinternals.com
- File Version: 2.53
- Product Version: 2.53
- Language: English (United States)
- Legal Copyright: Copyright (C) 1999-2016 Mark Russinovich
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/68
- VirusTotal Link: https://www.virustotal.com/gui/file/8ef3019ace33ad1c54004bf00538266f8bc4595275db89b1484db352c770a67f/detection/
Possible Misuse
The following table contains possible examples of strings.exe being misused. While strings.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
MIT License. Copyright (c) 2020-2021 Strontic.