Commit

suggest to run on dynamic trace for packed samples (#852)
* suggest to run on dynamic trace for packed samples

---------

Co-authored-by: Willi Ballenthin <[email protected]>
mr-tz and williballenthin authored Nov 28, 2023
1 parent 305adfd commit 5a0d4df
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion internal/limitation/file/internal-packer-file-limitation.yml
Expand Up @@ -8,8 +8,9 @@ rule:
This sample appears to be packed.
Packed samples have often been obfuscated to hide their logic.
capa cannot handle obfuscation well. This means the results may be misleading or incomplete.
capa cannot handle obfuscation well using static analysis. This means the results may be misleading or incomplete.
If possible, you should try to unpack this input file before analyzing it with capa.
Alternatively, run the sample in a supported sandbox and invoke capa against the report to obtain dynamic analysis results.
scopes:
static: file
dynamic: file
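
Review bot: The added sentence "Alternatively, run the sample in a supported sandbox ..." sits in a rule that declares `dynamic: file` as well as `static: file`, so the same description may be shown to someone who is already analyzing a sandbox report, where both this advice and the new "using static analysis" qualifier no longer fit. Consider wording the description so it reads correctly under either scope, or keeping the static-only guidance in a static-only limitation. The reworded line "capa cannot handle obfuscation well using static analysis" is also ambiguous about what "using static analysis" modifies; "capa's static analysis cannot handle obfuscation well" would be clearer. Finally, "a supported sandbox" does not tell the reader which sandboxes qualify, so a pointer to the relevant documentation would make the suggestion actionable.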