Today we examine a malware analysis technique to retrieve text from non-selectable windows.
RING Ø LABS
Often, when you examine a piece of malware, it will display a non-selectable text box like this one:
These text boxes can be shown for many different reasons: a program crash, invalid parameters, virtual machine/debugger/sandbox detection, etc. Whatever the reason, these strings can provide valuable insight into the program.
Due to the ever-expanding global malware market, this text is often in a different language, which makes it difficult for non-native speakers to search for and subsequently hinders analysis.
There are many techniques for gathering strings from message boxes (API monitors, window handle searches, debugging breakpoints, specialized software for text box monitoring). However, there is a simple method of obtaining the text from these windows that does not require any additional software.
View this very short analysis video for a demonstration on how to perform this handy trick: