readme: wording

This commit is contained in:
Willi Ballenthin
2020-07-14 11:13:00 -06:00
committed by GitHub
parent 2294c5ef85
commit 56fcbcb020
+3 -3
View File
@@ -70,9 +70,9 @@ For more information about how to use capa, including running it as an IDA scrip
# example
In the above sample output, we ran capa against an unknown binary (`suspicious.exe`),
and the tool reported that the program can decode data via XOR and Base64,
send HTTP requests, install a service, and spawn a new process.
Taken together, this makes us think that `suspicious.exe` could be a backdoor.
and the tool reported that the program can send HTTP requests, decode data via XOR and Base64,
install services, and spawn new processes.
Taken together, this makes us think that `suspicious.exe` could be a persistent backdoor.
Therefore, our next analysis step might be to run `suspicious.exe` in a sandbox and try to recover the command and control server.
By passing the `-vv` flag (for very verbose), capa reports exactly where it found evidence of these capabilities.