Comment by codezero
17 hours ago
Yes, but even back then I was aware of the sections in executables (wasn’t this where it was found?) and any neckbeard from the 70s and 80s might be even more so aware. That said, yeah, sure, it’s a very possible and understandable oversight, but I’m weary because of all the text in viruses and such as indicators. Seems like a pass over ‘strings’ would be obvious. Though. TIL, strings doesn’t necessarily scan the entire executable.
The same binary has encrypted strings so I assume there was a pass, but if you look at the source control strings they seem to decrease the appearance of maliciousness, even today they are out of place for malware