FLOSS (FLARE Obfuscated String Solver) is a security utility published by Mandiant that automatically extracts obfuscated strings from malware binaries through advanced static analysis. The current release, version 3.1.1, continues the lineage formerly known as FireEye Labs Obfuscated String Solver and is designed for malware analysts, incident responders, and threat researchers who need rapid visibility into hidden indicators without manual de-obfuscation effort.

Investigators can use the tool as a drop-in replacement for the traditional strings.exe command to enhance basic static analysis workflows: pointing FLOSS at an unknown executable yields a comprehensive list of decoded plaintext strings, including URLs, file paths, registry keys, API names, C2 fingerprints, and other artifacts that adversaries routinely conceal with XOR, Base64, stack-string construction, or custom encoding schemes. The engine automates emulation of suspicious code regions, recognizes common obfuscation patterns, and outputs results in a format that feeds directly into YARA rule creation, IoC extraction reports, or SIEM enrichment pipelines. Because the solver emulates code rather than executing the sample, it safely integrates into air-gapped lab environments and triage scripts that process large malware corpora.

The single-version catalog entry (3.1.1) reflects Mandiant's iterative refinement of the original codebase, ensuring compatibility with contemporary PE, ELF, and shellcode specimens while maintaining the lightweight command-line interface preferred by forensic toolchains. FLOSS is available for free on get.nero.com, with downloads provided via trusted Windows package sources (e.g. winget), always delivering the latest version, and supporting batch installation of multiple applications.