features: extract import A/W variants and their base names

closes #246
2026-01-10 04:05:32 -08:00 · 2020-08-31 17:13:10 -06:00
parent 5b349c1df8
commit 090ec46ca4
4 changed files with 46 additions and 10 deletions
--- a/tests/fixtures.py
+++ b/tests/fixtures.py
@@ -283,6 +283,8 @@ FEATURE_PRESENCE_TESTS = [
    ("mimikatz", "file", capa.features.file.Import("nope"), False),
    ("mimikatz", "file", capa.features.file.Import("advapi32.CryptAcquireContextW"), True),
    ("mimikatz", "file", capa.features.file.Import("advapi32.CryptAcquireContext"), True),
+    ("mimikatz", "file", capa.features.file.Import("CryptAcquireContextW"), True),
+    ("mimikatz", "file", capa.features.file.Import("CryptAcquireContext"), True),
    # function/characteristic(loop)
    ("mimikatz", "function=0x401517", capa.features.Characteristic("loop"), True),
    ("mimikatz", "function=0x401000", capa.features.Characteristic("loop"), False),