Flare Floss Versions

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

v3.0.1

4 months ago

This release fixes the missing language module in the v3.0.0 PyPI build.

v3.0.0

4 months ago

New Features

  • identification of programs written in Go, Rust, and .NET
  • extraction of strings embedded in Go programs
  • extraction of strings embedded in Rust programs

Other Updates

  • updates to the IDA plugin
  • upgraded minimum required Python version to 3.8
  • various bug fixes
  • various code quality improvements

Google Summer of Code 2023

@Arker123 contributed the majority of features and improvements during the Google Summer of Code, working closely with the Mandiant FLARE team. We'd like to thank him for the great collaboration and discussions before, during, and after the twelve-week program.

Contributors

Thanks to all our contributors, including @symbolicvoid, @DiegoRomeo, @sara-rn and especially @Arker123

Full Changelog: https://github.com/mandiant/flare-floss/compare/v2.3.0...v3.0.0

quantumstrand-preview7

10 months ago

fixes:

  • PyInstaller build

quantumstrand-preview6

10 months ago

changes:

  • add column to show U to indicate UTF-16LE string (versus ASCII default)
  • add database of common junk code strings
  • add -n minimum string length CLI option

quantumstrand-preview5

10 months ago

readme

changes:

  • parse and display PE Authenticode signature region

fixes:

  • handling of non-PE files
  • various PE and code parsing fixes in lancelot

quantumstrand-preview4

10 months ago

readme

changes:

  • re-enable structure hints for strings found in known structures
  • tweak color used to display string address

v2.3.0

10 months ago

New Features

  • added false positive string filters
  • use rich library for rendering of output and traceback
  • initial detection of binaries compiled using Go
  • updated dependencies

Other Updates

  • various bug fixes

Contributors

Thanks to all our contributors, including @d01a, @Arker123, @Dobatymo, @Aayush-Goel-04, @symbolicvoid, @EmperialX, @ggold7046, @ooprathamm, @deepaksirohiwal, and @DeeyaSingh!

quantumstrand-preview3

10 months ago

readme

changes:

  • recursively parse PE files, such as those found with resources
  • add additional global prevalence database derived from 7 days of VT downloads
  • render regions with borders to better show groupings
  • don't show library tags when there are fewer than five matches to avoid false positives
  • hide strings that overlap with code

quantumstrand-preview2

11 months ago

v2.2.0

1 year ago

New Features

  • ignore stackstrings and decoded strings that functions reference before analysis/decoding
  • updated dependencies, FLOSS now supports Python 3.11

Other Updates

  • macOS builds and tests now use macos-11