github mandiant/capa v9.0.0

17 hours ago

This release introduces a new scope for dynamic analysis, "span of calls", that matches features across a sliding window of API calls within a thread. It's useful for identifying behaviors that span multiple API calls, such as OpenFile/ReadFile/CloseFile, without having to analyze an entire thread, which may be very long.
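To make the difference between the thread scope and the new span-of-calls scope concrete, here is an added example that is not capa's own code: a small sliding-window matcher run over constructed per-thread API call traces. The rule (an "and" of three api features), the window size, the trace contents and all function names are assumptions for illustration only; capa's real span width and rule evaluation are not reproduced here.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field

# Constructed API call traces, one list per thread, in the order a sandbox
# might record them. Illustrative only; not taken from any real sample.
THREAD_A = ["GetTickCount", "CreateFileW", "ReadFile", "ReadFile", "CloseHandle", "Sleep"]
THREAD_B = ["CreateFileW"] + ["Sleep"] * 5 + ["ReadFile"] + ["Sleep"] * 5 + ["CloseHandle"]

# Hypothetical rule body: an "and" of api features, so every name must occur.
READ_FILE_RULE = frozenset({"CreateFileW", "ReadFile", "CloseHandle"})


@dataclass
class SpanMatch:
    """One place where the rule became satisfied within a window of calls."""
    start: int                  # index of the first call in the window
    end: int                    # index one past the last call in the window
    calls: list[str] = field(default_factory=list)


def match_thread(calls: list[str], required: frozenset[str]) -> bool:
    """Thread scope: the rule matches if the APIs occur anywhere in the thread,
    no matter how far apart."""
    return required <= set(calls)


def match_span_of_calls(calls: list[str], required: frozenset[str],
                        span_size: int = 20) -> list[SpanMatch]:
    """Span-of-calls scope: slide a fixed-size window over the thread and
    report each point at which all required APIs first appear together inside
    the window. Counts are updated incrementally, so the scan is linear.
    span_size=20 is an assumed default, not capa's actual setting."""
    matches: list[SpanMatch] = []
    window: Counter[str] = Counter()
    was_satisfied = False
    for end, name in enumerate(calls, start=1):
        window[name] += 1
        start = end - span_size
        if start > 0:
            # The window is full: drop the call that just slid out on the left.
            left = calls[start - 1]
            window[left] -= 1
            if window[left] == 0:
                del window[left]
        start = max(start, 0)
        satisfied = all(window[api] > 0 for api in required)
        if satisfied and not was_satisfied:
            matches.append(SpanMatch(start, end, calls[start:end]))
        was_satisfied = satisfied
    return matches


if __name__ == "__main__":
    for label, thread in (("THREAD_A", THREAD_A), ("THREAD_B", THREAD_B)):
        print(label, "thread scope:", match_thread(thread, READ_FILE_RULE))
        for m in match_span_of_calls(thread, READ_FILE_RULE, span_size=4):
            print(label, f"span [{m.start}:{m.end}]", m.calls)
```

With a window of four calls, THREAD_A matches on the window `CreateFileW, ReadFile, ReadFile, CloseHandle`, while THREAD_B, whose three calls are separated by long runs of `Sleep`, does not match at all even though a thread-scope check still says true. Widening the span to cover the whole trace makes THREAD_B match again, which is the trade-off the window size controls: a narrower span gives fewer coincidental matches between unrelated calls, a wider one tolerates more interleaved noise.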

The release also contains a number of bug fixes and enhancements by new contributors: @v1bh475u and @dhruvak001. Welcome and thank you!

New Features

  • add warning for dynamic .NET samples #1864 @v1bh475u
  • add lint for detecting duplicate features in capa-rules #2250 @v1bh475u
  • add span-of-calls scope to match features across a sliding window of API calls within a thread @williballenthin #2532
  • add lint to catch rules that depend on other rules with impossible scope @williballenthin #2124

Breaking Changes

  • remove is_static_limitation method from capa.rules.Rule
  • add span-of-calls scope to rule format
  • capabilities functions return dataclasses instead of tuples

New Rules (3)

  • data-manipulation/encryption/rsa/encrypt-data-using-rsa-via-embedded-library @Ana06
  • data-manipulation/encryption/use-bigint-function @Ana06
  • internal/limitation/dynamic/internal-dotnet-file-limitation @v1bh475u

Bug Fixes

Development

  • license & copyright: Correct LICENSE file and improve copyright and license information headers in the source code files @Ana06
  • documentation: Improve CLA and Code of Conduct information in CONTRIBUTING @Ana06
