mandiant / capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs
https://github.com/mandiant/capa/
Apache License 2.0

Create encrypt-data-using-rc4-via-systemfunction033.yml #890

Closed dstepanic closed 4 months ago

dstepanic commented 4 months ago

Hi,

This rule is pretty much a duplicate of the existing rule (SystemFunction032); it's paired with another undocumented API (SystemFunction033) that implements encryption/decryption using the RC4 algorithm. Thanks!

References

google-cla[bot] commented 4 months ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

dstepanic commented 4 months ago

Thanks @williballenthin. Yes, I signed the CLA yesterday. Appreciate it.

mr-tz commented 4 months ago

Please rename per the lint info:

I've added the testfile to capa-testfiles.

mr-tz commented 4 months ago

File and rule name still don't pass the linter.

mr-tz commented 4 months ago

Thank you!!