mandiant / capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs
https://github.com/mandiant/capa/
Apache License 2.0
[obfuscated-with-litcrypt] #889

Open lulzc opened 5 months ago

lulzc commented 5 months ago

Prerequisites

Summary

Target = Rust Binaries

LITCRYPT encrypts strings when compiling, keeping them encrypted both on disk and in memory while running, and only decrypting them when needed.

Examples

Features

string: "litcrypt"
string: "litcrypt::litcrypt_internal"

Additional context

Rule details

Namespace

anti-analysis/obfuscation/

References

https://github.com/anvie/litcrypt.rs

Other rule meta information

att&ck:
  - Defense Evasion::Obfuscated Files or Information [T1027]
mbc:
  - Anti-Static Analysis::Executable Code Obfuscation [B0032]