When performing basic static analysis of malware, the file’s strings can provide helpful indicators, including filenames, registry keys, and URLs. The strings can additionally hint at a program’s capabilities and its intended use. Identifying unique strings in malware is also a great way to pivot to related samples. Searching private and public databases for unique strings may lead you to existing analysis results and (leaked) source code. In this blog post I define the term unique string, explain how to leverage unique strings, look at common issues when dealing with unique strings, and provide a solution to automatically extract them.