Strings – Windows CMD Command
Search for ANSI and UNICODE strings in binary files.
strings [-a] [-f offset] [-b bytes] [-n length] [-o] [-q] [-s] [-u] file_or_directory
   -a   ASCII-only search (Unicode and ASCII is default)
   -b   Bytes of file to scan
   -f   File offset at which to start scanning
   -o   Print offset in file at which each string was located
   -n   Minimum string length (default is 3)
   -q   Quiet (no banner)
   -s   Recurse subdirectories
   -u   Unicode-only search (Unicode and ASCII is default)
Strings just scans the file you pass it for UNICODE (or ASCII) strings that are, by default, 3 or more UNICODE (or ASCII) characters long.
If you run strings on a .jpg and one of the strings it prints is ‘This program cannot be run in DOS mode’, that’s no JPEG. Malware authors like to make Portable Executables that end in .gif/.jpg/etc. to evade human checks.
Search one or more files for the presence of a particular string:
strings *.dll | findstr /i TextToSearchFor
Search a jpg file for signs of executable code:
strings sample.jpg | findstr /i /c:"This program cannot be run in DOS mode"
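The scan and the DOS-mode check described above, as an added Python example (not part of the original page and not the strings utility's own code). It assumes "printable" means bytes 0x20-0x7E and "Unicode" means UTF-16LE; the function names and both sample byte strings are constructed for illustration.

```python
import re

DOS_STUB = "This program cannot be run in DOS mode"

def extract_strings(data, min_len=3, ascii_only=False, unicode_only=False):
    """Return sorted (offset, encoding, text) tuples, like strings -o."""
    found = []
    if not unicode_only:
        # ASCII: min_len or more printable bytes in a row
        for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
            found.append((m.start(), "ascii", m.group().decode("ascii")))
    if not ascii_only:
        # UTF-16LE: printable byte followed by 0x00, min_len or more times
        for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
            found.append((m.start(), "unicode", m.group().decode("utf-16-le")))
    return sorted(found)

def looks_like_executable(data):
    """Case-insensitive match on the DOS stub text, like findstr /i /c:"..."."""
    needle = DOS_STUB.lower()
    return any(needle in text.lower() for _, _, text in extract_strings(data))

# Constructed sample: start of a PE file ("MZ" header bytes, DOS stub code,
# stub message) as it would appear inside a file renamed to .jpg.
FAKE_JPG = (b"MZ\x90\x00\x03\x00\x00\x00"
            b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21"
            b"This program cannot be run in DOS mode.\r\r\n$" + b"\x00" * 7)

# Constructed sample: JPEG/JFIF marker bytes plus a UTF-16LE text field.
REAL_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + "camera".encode("utf-16-le")

if __name__ == "__main__":
    for name, blob in (("fake.jpg", FAKE_JPG), ("real.jpg", REAL_JPG)):
        for offset, enc, text in extract_strings(blob):
            print(f"{name}: {offset:>4} {enc:<7} {text}")
        verdict = "contains DOS stub, not an image" if looks_like_executable(blob) else "no DOS stub"
        print(f"{name}: {verdict}")
```

The "!" in front of the stub message in the output is the last byte of the stub's machine code (0x21), which happens to be printable; the substring match still finds the message.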