diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3ad5e4c2..4889cf84 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -49,6 +49,7 @@
 - fix: Scopes.from_dict uses cls instead of self so subclasses return the correct type @williballenthin
 - fix: correct wrong dict key in VMRay _compute_monitor_threads assertion (used thread_id instead of process_id) @williballenthin
 - fix: replace assert with isinstance guard in get_callee for invalid MethodSpec tokens @williballenthin
+- fix: unpack getByteDef offset and slice buffer so ENDBRANCH check applies to target address, not segment start @williballenthin (SURF-45)
 - fix: correct inverted loop structure in extract_function_loop so each block edge is recorded as (src, dest) @williballenthin (SURF-44)
 - fix: initialize addr to None in Ghidra import extractors to prevent UnboundLocalError when external functions have no data references @williballenthin (SURF-43)
 - fix: assign ConfigDict to model_config in ConciseModel so extra="ignore" is actually applied @williballenthin (SURF-42)
diff --git a/capa/features/extractors/viv/insn.py b/capa/features/extractors/viv/insn.py
index 4fb2a44b..b2ba3312 100644
--- a/capa/features/extractors/viv/insn.py
+++ b/capa/features/extractors/viv/insn.py
@@ -158,7 +158,8 @@ def extract_insn_api_features(fh: FunctionHandle, bb, ih: InsnHandle) -> Iterato
 yield API(name), ih.address
 # if jump leads to an ENDBRANCH instruction, skip it
- if f.vw.getByteDef(target)[1].startswith(b"\xf3\x0f\x1e"):
+ _offset, _buf = f.vw.getByteDef(target)
+ if _buf[_offset:].startswith(b"\xf3\x0f\x1e"):
 target += 4
 target = capa.features.extractors.viv.helpers.get_coderef_from(f.vw, target)
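Review bot: The new `_buf[_offset:]` slice copies the remainder of the mapped segment on every jump that reaches this check, because getByteDef hands back the whole segment buffer rather than a window at the target; `bytes.startswith` accepts a start index, so the same test runs without any copy as `if _buf.startswith(b"\xf3\x0f\x1e", _offset):`. The leading-underscore names `_offset`/`_buf` are also unconventional for plain locals (PEP 8 reserves the prefix for non-public members), so `offset, buf = f.vw.getByteDef(target)` reads more naturally. If getByteDef raises for a target that falls outside any mapped segment, as I believe vivisect's memory object does, that behaviour is unchanged from the old line but deserves a one-line comment since `target` is derived from the analyzed binary. The enclosing extract_insn_api_features starts before and continues after this hunk.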