Ring Ø Labs DOES NOT advocate using any of the malware, techniques, or information presented here for harm, and doing so may violate the law. These topics are for mitigation and educational purposes only.

Saturday, August 12, 2017

Copying Non-Selectable Window Text

Today we examine a malware analysis technique to retrieve text from non-selectable windows.













DETAILS

Often, a piece of malware under examination will display non-selectable text boxes like this one:


These text boxes can be shown for many different reasons: a program crash, invalid parameters, virtual machine/debugger/sandbox detection, etc. Whatever the reason, these strings can provide valuable insight into the program.




Because the global malware market is ever expanding, this text is often in a different language. That makes it difficult for non-native speakers to search for the strings, which in turn hinders analysis.




There are many techniques for gathering strings from message boxes (API monitors, window handle searches, debugging breakpoints, specialized software for text box monitoring). However, there is a simple method of obtaining the text from these windows that does not require any additional software.


View this very short analysis video for a demonstration on how to perform this handy trick:
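For comparison, here is what the "window handle search" approach listed above looks like when scripted. This is an added example, not code from Ring Ø Labs and not the no-software method the video demonstrates. The names `Get-DialogText` and `Win32.Native` and the window title `Error` are assumptions made for illustration.

```powershell
# Added example: read the text of every control inside a dialog by window handle.
# Run inside the analysis VM while the sample's dialog is still on screen.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
public delegate bool EnumProc(IntPtr hWnd, IntPtr lParam);

// lpClassName is declared as IntPtr so that IntPtr.Zero passes a real NULL
// (PowerShell would turn $null into "" for a string parameter).
[DllImport("user32.dll", CharSet = CharSet.Unicode)]
public static extern IntPtr FindWindow(IntPtr lpClassName, string lpWindowName);

[DllImport("user32.dll")]
public static extern bool EnumChildWindows(IntPtr hWndParent, EnumProc cb, IntPtr lParam);

[DllImport("user32.dll", CharSet = CharSet.Unicode)]
public static extern int GetClassName(IntPtr hWnd, System.Text.StringBuilder buf, int max);

[DllImport("user32.dll", CharSet = CharSet.Unicode)]
public static extern IntPtr SendMessage(IntPtr hWnd, uint msg, IntPtr wParam,
                                        System.Text.StringBuilder lParam);
'@

function Get-DialogText {
    param([Parameter(Mandatory)][string]$Title)

    $WM_GETTEXT = 0x000D
    $top = [Win32.Native]::FindWindow([IntPtr]::Zero, $Title)
    if ($top -eq [IntPtr]::Zero) { throw "No top-level window titled '$Title'" }

    $rows = New-Object System.Collections.Generic.List[object]
    $callback = [Win32.Native+EnumProc]{
        param($hWnd, $lParam)
        $class = New-Object System.Text.StringBuilder 256
        [void][Win32.Native]::GetClassName($hWnd, $class, $class.Capacity)
        # WM_GETTEXT asks the control itself for its text; wParam is the buffer size in chars.
        $text = New-Object System.Text.StringBuilder 4096
        [void][Win32.Native]::SendMessage($hWnd, $WM_GETTEXT, [IntPtr]($text.Capacity), $text)
        $rows.Add([pscustomobject]@{
            Handle = $hWnd; Class = $class.ToString(); Text = $text.ToString() })
        return $true   # keep enumerating
    }
    [void][Win32.Native]::EnumChildWindows($top, $callback, [IntPtr]::Zero)
    $rows
}

# 'Error' is a constructed placeholder; use the caption shown on the dialog.
Get-DialogText -Title 'Error' | Format-Table -AutoSize
```

The message body of a standard message box appears in the row whose `Class` is `Static`; rows with class `Button` hold the button captions.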