A forum for reverse engineering, OS internals and malware analysis 

 #27804  by DMEW
 Tue Feb 02, 2016 5:12 am
I have a malware sample with several strings all stored in different arrays. Through disassembly, I can see where many of the arrays are indexed in the code, but one particular block of strings does not look to be referenced from anywhere or by anything (a block of ~300 strings). I understand this can change at runtime, but so far while debugging I haven't seen this happen (not to say it doesn't).

So my question is: does malware sometimes put strings in itself just to throw things off / help bypass antivirus, etc.? Or are there other tips you have on tracking down string references like this? (This is an unpacked sample, btw.)