FLOSS

by Mandiantv3.1.1

Last updated Jun 8, 2026

Automatically extract obfuscated strings from malware.

Install with winget

$ winget install --id Mandiant.FLOSS --exact --version 3.1.1

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

The FLARE Obfuscated String Solver (FLOSS, formerly FireEye Labs Obfuscated String Solver) uses advanced static analysis techniques to automatically extract and deobfuscate all strings from malware binaries. You can use it just like strings.exe to enhance the basic static analysis of unknown binaries.

Installers · v3.1.1

Architecture	Type	Scope	Install	Download
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

1 known CVE via NVD

medium5.4Patched in wingetCVE-2024-0320affects v9.0.3.936530Jan 15, 2024
Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.

Source: NVD, updated 3h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr.

Related apps

Python 3.14Python Software Foundation
Python.Python.3.14v3.14.6
A programming language that lets you work more quickly and integrate your systems more effectively.
Python 3.13Python Software Foundation
Python.Python.3.13v3.13.14
Python is a programming language that lets you work more quickly and integrate your systems more effectively.
GoodbyeDPIValdikSS
ValdikSS.GoodbyeDPIv0.2.3rc3
This software is designed to bypass Deep Packet Inspection systems found in many Internet Service Providers which block access to certain websites.
Office Deployment ToolMicrosoft Corporation
Microsoft.OfficeDeploymentToolv16.0.20026.20112
A command-line tool that you can use to download and deploy Click-to-Run versions of Office, such as Microsoft 365 Apps for enterprise, to your client computers.
S
SwitchCraftFaserF
FaserF.SwitchCraftv2026.1.3
Silent Install Switch Finder & Packaging Assistant
Hyper-V-SwitchRaynerSec
RaynerSec.Hyper-V-Switchv1.0.1
This program enables and disables Hyper-V Hypervisor so you can use other virtualization tools such as VMware and VirtualBox simultaneously.

More from Mandiant or browse analysis, deobfuscation, deobfuscate.

Frequently asked questions

How do I install FLOSS on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Mandiant.FLOSS --exact --version 3.1.1. winget downloads the installer from Mandiant and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install FLOSS silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Mandiant.FLOSS --exact 3.1.1 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall FLOSS via winget?

Run: winget uninstall --id Mandiant.FLOSS --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from FLOSS's Apps & Features entry.

Is FLOSS free?

FLOSS is distributed under Apache-2.0. Refer to the publisher (https://github.com/mandiant/flare-floss) for the full license terms - Wingetly itself does not charge for installation.

Does FLOSS work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls FLOSS directly from the publisher.

How do I keep FLOSS up to date?

Run winget upgrade --id Mandiant.FLOSS --exact, or winget upgrade --all to update everything winget tracks. We index 1 version of FLOSS from microsoft/winget-pkgs.