gitea-mirror/capa - capa - Gitea: Git with a cup of tea

mirror of https://github.com/mandiant/capa.git synced 2025-12-31 23:16:10 -08:00

Author	SHA1	Message	Date
Capa Bot	e928d281dd	Sync capa-testfiles submodule	2020-12-30 15:21:36 +00:00
Capa Bot	625583f5ab	Sync capa rules submodule	2020-12-23 12:44:25 +00:00
Capa Bot	ab54553dd2	Sync capa rules submodule	2020-12-22 17:16:54 +00:00
Moritz	47bf7b1325	Merge pull request #375 from doomedraven/return_dict add render to dict, is the same as default but just in dictionary so …	2020-12-22 15:52:50 +01:00
Moritz	145d75f579	Merge pull request #381 from fireeye/fix/viv-set-logger-levels set level of more viv loggers explicitly	2020-12-22 15:52:05 +01:00
Capa Bot	01d976d7f7	Sync capa rules submodule	2020-12-22 13:17:37 +00:00
Capa Bot	095e3720ab	Sync capa-testfiles submodule	2020-12-22 12:00:35 +00:00
Capa Bot	d62a37fe1f	Sync capa-testfiles submodule	2020-12-21 16:17:33 +00:00
Capa Bot	5323f2fc31	Sync capa rules submodule	2020-12-17 17:14:43 +00:00
Capa Bot	5539cb0d08	Sync capa rules submodule	2020-12-17 17:12:21 +00:00
Capa Bot	76e80106d6	Sync capa-testfiles submodule	2020-12-17 09:29:56 +00:00
Capa Bot	9ab7b9a033	Sync capa rules submodule	2020-12-16 20:47:34 +00:00
Capa Bot	fe97d6a349	Sync capa-testfiles submodule	2020-12-15 19:23:15 +00:00
Capa Bot	2242c2afe8	Sync capa-testfiles submodule	2020-12-15 19:19:09 +00:00
Willi Ballenthin	ec25fb5c36	Merge pull request #384 from fireeye/dependabot/pip/smda-1.5.10 Bump smda from 1.5.9 to 1.5.10	2020-12-14 10:32:31 -07:00
dependabot[bot]	ce25f5cadd	Bump smda from 1.5.9 to 1.5.10 Bumps [smda](https://github.com/danielplohmann/smda) from 1.5.9 to 1.5.10. - [Release notes](https://github.com/danielplohmann/smda/releases) - [Commits](https://github.com/danielplohmann/smda/commits) Signed-off-by: dependabot[bot] <support@github.com>	2020-12-14 07:15:58 +00:00
Capa Bot	1099f40f19	Sync capa rules submodule	2020-12-12 05:43:31 +00:00
Capa Bot	70368b3f1e	Sync capa rules submodule	2020-12-11 10:42:16 +00:00
Capa Bot	0181ebad45	Sync capa-testfiles submodule	2020-12-10 17:38:00 +00:00
DoomedRaven	e158e3f13c	remove type hint to make CI happy	2020-12-08 21:46:39 +01:00
DoomedRaven	b1bbded23c	black -l 120 .	2020-12-08 21:39:50 +01:00
DoomedRaven	b77d9d3738	isort --profile black --length-sort --line-width 120 capa_as_library.py	2020-12-08 21:34:42 +01:00
DoomedRaven	d0b2421752	isort capa_as_library.py	2020-12-08 20:53:26 +01:00
DoomedRaven	96b65a7c60	add example how to render it as library ``` >>> from capa_as_library import capa_details >>> details = capa_details("/opt/CAPEv2/storage/analyses/83/binary", "dictionary") >>> from pprint import pprint as pp >>> pp(details) {'ATTCK': {'DEFENSE EVASION': ['Obfuscated Files or Information [T1027]', 'Virtualization/Sandbox Evasion::System Checks ' '[T1497.001]'], 'EXECUTION': ['Shared Modules [T1129]']}, 'CAPABILITY': {'anti-analysis/anti-vm/vm-detection': ['execute anti-VM ' 'instructions (3 ' 'matches)'], 'anti-analysis/obfuscation/string/stackstring': ['contain ' 'obfuscated ' 'stackstrings'], 'data-manipulation/encryption/rc4': ['encrypt data using RC4 ' 'PRGA'], 'executable/pe/section/rsrc': ['contain a resource (.rsrc) ' 'section'], 'host-interaction/cli': ['accept command line arguments'], 'host-interaction/environment-variable': ['query environment ' 'variable'], 'host-interaction/file-system/read': ['read .ini file', 'read file'], 'host-interaction/file-system/write': ['write file (3 ' 'matches)'], 'host-interaction/process': ['get thread local storage value ' '(3 matches)', 'set thread local storage value ' '(2 matches)'], 'host-interaction/process/terminate': ['terminate process (3 ' 'matches)'], 'host-interaction/thread/terminate': ['terminate thread'], 'linking/runtime-linking': ['link function at runtime (7 ' 'matches)', 'link many functions at runtime'], 'load-code/pe': ['parse PE header (3 matches)']}, 'MBC': {'ANTI-BEHAVIORAL ANALYSIS': ['Virtual Machine Detection::Instruction ' 'Testing [B0009.029]'], 'ANTI-STATIC ANALYSIS': ['Disassembler Evasion::Argument Obfuscation ' '[B0012.001]'], 'CRYPTOGRAPHY': ['Encrypt Data::RC4 [C0027.009]', 'Generate Pseudo-random Sequence::RC4 PRGA ' '[C0021.004]']}, 'md5': 'ad56c384476a81faef9aebd60b2f4623', 'path': '/opt/CAPEv2/storage/analyses/83/binary', 'sha1': 'aa027d89f5d3f991ad3e14ffb681616a77621836', 'sha256': '16995e059eb47de0b58a95ce2c3d863d964a7a16064d4298cee9db1de266e68d'} >>> ```	2020-12-08 20:00:24 +01:00
Willi Ballenthin	177c90093e	Merge pull request #380 from doomedraven/patch-1 fix is_ordinal IndexError	2020-12-08 09:21:53 -07:00
Moritz Raabe	28ee091107	set level of more viv loggers explicitly	2020-12-08 16:30:23 +01:00
doomedraven	64c71d8e6d	fix is_ordinal IndexError ``` Traceback (most recent call last): File "/opt/CAPE/utils/../lib/cuckoo/common/cape_utils.py", line 223, in flare_capa_details capabilities, counts = capa.main.find_capabilities(rules, extractor, disable_progress=True) File "/usr/local/lib/python2.7/dist-packages/capa/main.py", line 116, in find_capabilities function_matches, bb_matches, feature_count = find_function_capabilities(ruleset, extractor, f) File "/usr/local/lib/python2.7/dist-packages/capa/main.py", line 68, in find_function_capabilities for feature, va in extractor.extract_insn_features(f, bb, insn): File "/usr/local/lib/python2.7/dist-packages/capa/features/extractors/viv/__init__.py", line 84, in extract_insn_features for feature, va in capa.features.extractors.viv.insn.extract_features(f, bb, insn): File "/usr/local/lib/python2.7/dist-packages/capa/features/extractors/viv/insn.py", line 599, in extract_features for feature, va in insn_handler(f, bb, insn): File "/usr/local/lib/python2.7/dist-packages/capa/features/extractors/viv/insn.py", line 93, in extract_insn_api_features for name in capa.features.extractors.helpers.generate_symbols(dll, symbol): File "/usr/local/lib/python2.7/dist-packages/capa/features/extractors/helpers.py", line 61, in generate_symbols if not is_ordinal(symbol): File "/usr/local/lib/python2.7/dist-packages/capa/features/extractors/helpers.py", line 45, in is_ordinal return symbol[0] == "#" IndexError: string index out of range ```	2020-12-08 09:50:00 +01:00
Moritz	9ce0c94e17	Merge pull request #379 from fireeye/fix/nzxor-xor-instructions add more xor instructions	2020-12-08 09:37:35 +01:00
Moritz Raabe	08c3372635	add more xor instructions	2020-12-08 09:21:50 +01:00
Capa Bot	2fafc70b69	Sync capa-testfiles submodule	2020-12-07 18:06:53 +00:00
Capa Bot	0e62ebe3a2	Sync capa-testfiles submodule	2020-12-07 17:16:01 +00:00
Moritz	1cc4d20b89	Merge pull request #373 from fireeye/ci/setup-dependabot add dependabot config	2020-12-07 18:03:57 +01:00
Capa Bot	af4889894a	Sync capa rules submodule	2020-12-04 08:31:42 +00:00
Moritz	429a5e1ea3	Merge pull request #378 from fireeye/fix/viv-string-extractor fix: add viv extract strings for i386ImmMemOper operands	2020-12-04 08:55:23 +01:00
Moritz Raabe	4ef860eb07	fix: add viv extract strings for i386ImmMemOper operands	2020-12-03 20:24:29 +01:00
Capa Bot	b59ebf30c6	Sync capa-testfiles submodule	2020-12-03 18:57:45 +00:00
Capa Bot	a1ae8d54a6	Sync capa rules submodule	2020-12-02 15:24:15 +00:00
Capa Bot	8155207bea	Sync capa rules submodule	2020-12-02 15:13:30 +00:00
Capa Bot	337d2cfa6d	Sync capa rules submodule	2020-12-02 15:12:27 +00:00
Capa Bot	df2229782b	Sync capa rules submodule	2020-12-02 15:08:55 +00:00
doomedraven	5920552649	small improvements	2020-12-01 20:31:56 +01:00
doomedraven	b4827fcb00	add render to dict, is the same as default but just in dictionary so simplifies the integrations	2020-12-01 19:43:54 +01:00
Willi Ballenthin	63983ccb65	Merge pull request #372 from doomedraven/patch-1 Simple example how to use capa as library	2020-12-01 06:56:44 -07:00
Willi Ballenthin	eac7e2b749	capa_as_library: style and comments	2020-12-01 06:54:55 -07:00
Moritz Raabe	65a365bca1	update halo requirements py2/3	2020-12-01 11:46:53 +01:00
Moritz Raabe	fecd0e11eb	add dependabot config	2020-12-01 11:46:14 +01:00
doomedraven	51ad526cfc	Simple example how to use capa as library Just quick example how to use capa as library, to save time to someone, reading code and scripts	2020-12-01 11:20:49 +01:00
Moritz	10a062017d	Merge pull request #370 from fireeye/pin-smda pin smda	2020-12-01 11:10:23 +01:00
Moritz Raabe	0d351794db	pin smda addresses #369	2020-12-01 11:02:36 +01:00
Capa Bot	067e3ffced	Sync capa-testfiles submodule	2020-11-30 19:36:59 +00:00

1 2 3 4 5 ...

1027 Commits