strings64.exe

  • File Path: C:\SysinternalsSuite\strings64.exe
  • Description: Search for ANSI and Unicode strings in binary images.

Hashes

Type Hash
MD5 6C80C7B230FDB0C9E4BB8C607CDB1701
SHA1 E18F2DE77CCACD232635574FB5BF87BB03494A12
SHA256 514E06F3C5A6B8401365D1D42E858DA15A32EB7BB26D1A25092A830B074574D6
SHA384 E4841CF0713CA7118A0C91A3FADA94C533677FF4D7C19829C616CFF051E7CCB57D26468492B5B788AE5366DD6BED0456
SHA512 9AEC2EE3A8BB9D5D4A5D71AB67C6896762B576AFC2FF6BF4A957D4655770E6C48EB44A4B21FFCDE266912AE36A8E3D6A8F96193DDE046FC4A49917FAEE445864
SSDEEP 6144:RBfKydlM/ZaXmLTT5vHxibThkIk+qfTy3MbHXbTTvHn65I/ZLBJXYA7c0KHpJv:RBfDcha0ibThkIk+qfTXjXbTTTNsJZ
IMP DA8963C16F4A4686BA1ECEB284132D2F
PESHA1 BFCC33616B5745CF0406F489FD8C87FA9D6C3573
PE256 A14570C8D7F1D498DE0CDE12AAA6DA12E4C9CB12796BB296B749A3C5C35264C6

Runtime Data

Usage (stdout):


Strings v2.53 - Search for ANSI and Unicode strings in binary images.
Copyright (C) 1999-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: C:\SysinternalsSuite\strings64.exe [-a] [-f offset] [-b bytes] [-n length] [-o] [-s] [-u] <file or directory>
-a     Ascii-only search (Unicode and Ascii is default)
-b     Bytes of file to scan
-f     File offset at which to start scanning.
-o     Print offset in file string was located
-n     Minimum string length (default is 3)
-s     Recurse subdirectories
-u     Unicode-only search (Unicode and Ascii is default)
-nobanner
       Do not display the startup banner and copyright message.


Usage (stderr):

No matching files were found.


Loaded Modules:

Path
C:\SysinternalsSuite\strings64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001519E8D8F4071A30E41000000000151
  • Thumbprint: 62009AAABDAE749FD47D19150958329BF6FF4B34
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: strings.exe
  • Product Name: Sysinternals Strings
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 2.53
  • Product Version: 2.53
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 1999-2016 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/514e06f3c5a6b8401365d1d42e858da15a32eb7bb26d1a25092a830b074574d6/detection/

Possible Misuse

The following table contains possible examples of strings64.exe being misused. While strings64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_creation_win_false_sysinternalsuite.yml | `- '\strings64.exe'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.