Jump to content

capa v1.6.1


Recommended Posts

v1.6.1 (2021-04-07)

This release includes several bug fixes, such as a vivisect issue that prevented capa from working on Windows with Python 3. It also adds 17 new rules and a bunch of improvements in the rules and IDA rule generator. We appreciate everyone who opened issues, provided feedback, and contributed code and rules.

Upcoming changes

This is the very last capa release that supports Python 2. The next release will be v2.0 and will have breaking changes, including the removal of Python 2 support.

New features


New Rules (17)

  • encrypt data using RC4 with custom key via WinAPI @MalwareMechanic
  • encrypt data using Curve25519 @dandonov
  • packaged as an IExpress self-extracting archive @recvfrom
  • create registry key via offline registry library @johnk3r
  • open registry key via offline registry library @johnk3r
  • query registry key via offline registry library @johnk3r
  • set registry key via offline registry library @johnk3r
  • delete registry key via offline registry library @johnk3r
  • enumerate PE sections @Ana06
  • inject DLL reflectively @Ana06
  • inspect section memory permissions @Ana06
  • parse PE exports @Ana06
  • rebuild import table @Ana06
  • compare security identifiers @mike-hunhoff
  • get user security identifier @mike-hunhoff
  • listen for remote procedure calls @mike-hunhoff
  • query remote server for available data @mike-hunhoff

Bug Fixes



Raw diffs


Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...