Extracting Language and Runtime-Specific Strings in Go, Rust, and Beyond
- Mentors: Willi Ballenthin, Moritz, rxrd
- Organization: FLARE
- Technologies: python, go, rust
- Topics: reverse engineering, malware analysis
The FLOSS: Language Specific Strings project aims to enhance FLOSS, the FLARE tool used to deobfuscate protected strings found in malware. The proposed framework will extract language- and runtime-specific strings from executables. The project will develop a language identification module, with an initial focus on Go and Rust. We will research how each language embeds strings in executables and write the extractor code, bootstrapping from existing knowledge and code. The project will also identify strings that belong to the runtime and library code of the targeted programming languages, and extend the standard output format to render the results. Successful completion of this project will make FLOSS more useful for security analysts and help establish it as the default tool for malware analysis.