mirror of
https://github.com/mandiant/capa.git
synced 2026-07-11 22:51:52 -07:00
readme: wording
This commit is contained in:
@@ -70,9 +70,9 @@ For more information about how to use capa, including running it as an IDA scrip
|
||||
# example
|
||||
|
||||
In the above sample output, we ran capa against an unknown binary (`suspicious.exe`),
|
||||
and the tool reported that the program can decode data via XOR and Base64,
|
||||
send HTTP requests, install a service, and spawn a new process.
|
||||
Taken together, this makes us think that `suspicious.exe` could be a backdoor.
|
||||
and the tool reported that the program can send HTTP requests, decode data via XOR and Base64,
|
||||
install services, and spawn new processes.
|
||||
Taken together, this makes us think that `suspicious.exe` could be a persistent backdoor.
|
||||
Therefore, our next analysis step might be to run `suspicious.exe` in a sandbox and try to recover the command and control server.
|
||||
|
||||
By passing the `-vv` flag (for very verbose), capa reports exactly where it found evidence of these capabilities.
|
||||
|
||||
Reference in New Issue
Block a user