mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.
https://mandiant.github.io/capa/
Apache License 2.0

AssertionError: 208a5ed91cd6196c7dd5c667a94e988a75ab22453b1b25daf50acb17197a935e #2230

Open williballenthin opened 3 months ago

williballenthin commented 3 months ago

208a5ed91cd6196c7dd5c667a94e988a75ab22453b1b25daf50acb17197a935e on VT

williballenthin commented 3 months ago

[image]

https://github.com/mandiant/capa/blob/cf3494d42744fba9dd46dca53908854058bd6bdf/capa/features/extractors/dnfile/helpers.py#L447

williballenthin commented 3 months ago

seems like a .NET header is present but most of the other structures are missing: [image]

williballenthin commented 3 months ago

maybe we need to extend is_dotnet_file to check for presence of mdtables: https://github.com/mandiant/capa/blob/cf3494d42744fba9dd46dca53908854058bd6bdf/capa/features/extractors/dotnetfile.py#L202

thoughts @mike-hunhoff ?
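
An added sketch of the check suggested in the last comment, not capa's or dnfile's code: it uses only the Python standard library to separate a PE that merely has a CLR data directory from one whose metadata root actually carries a table stream (`#~` or `#-`). The names `dotnet_status`, `_off` and `build_sample` are hypothetical, and the sample PE is constructed.

```python
import struct

def _off(rva, sections):
    for vsize, va, rawsize, rawptr in sections:  # map an RVA to a file offset
        if va <= rva < va + max(vsize, rawsize):
            return rawptr + rva - va
    raise ValueError("RVA not backed by any section")

def dotnet_status(data: bytes) -> str:
    """'not-dotnet', 'header-only' (CLR header but no table stream) or 'dotnet'."""
    status = "not-dotnet"
    try:
        pe, = struct.unpack_from("<I", data, 0x3C)
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
            return status
        nsec, _, _, _, optsize = struct.unpack_from("<HIIIH", data, pe + 6)
        opt = pe + 24
        dirs = opt + (112 if data[opt:opt + 2] == b"\x0b\x02" else 96)  # PE32+ / PE32
        ndirs, = struct.unpack_from("<I", data, dirs - 4)
        clr_rva = struct.unpack_from("<I", data, dirs + 14 * 8)[0] if ndirs > 14 else 0
        if not clr_rva:
            return status
        status = "header-only"  # CLR directory exists; now require real metadata
        secs = [struct.unpack_from("<4I", data, opt + optsize + 40 * i + 8) for i in range(nsec)]
        md_rva, = struct.unpack_from("<I", data, _off(clr_rva, secs) + 8)
        root = _off(md_rva, secs)
        if data[root:root + 4] != b"BSJB":
            return status
        pos = root + 16 + struct.unpack_from("<I", data, root + 12)[0]  # skip version
        nstreams, = struct.unpack_from("<H", data, pos + 2)
        pos += 4
        for _ in range(nstreams):
            end = data.index(b"\0", pos + 8)
            if data[pos + 8:end] in (b"#~", b"#-"):  # metadata table stream
                return "dotnet"
            pos += 8 + ((end - pos - 8) // 4 + 1) * 4  # name NUL-padded to 4 bytes
    except (struct.error, ValueError):
        pass
    return status

def build_sample(with_tables: bool) -> bytes:
    """Constructed sample: minimal PE32, one section, CLR header at RVA 0x2000."""
    md = b"BSJB" + struct.pack("<HHII", 1, 1, 0, 4) + b"v4\0\0"
    md += struct.pack("<HHII", 0, 1, 0x20, 0) + b"#~\0\0"
    body = struct.pack("<IHHI", 72, 2, 5, 0x2048).ljust(72, b"\0") + (md if with_tables else b"")
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I4sHHIIIHH", 0x40, b"PE\0\0", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = (b"\x0b\x01".ljust(92, b"\0") + struct.pack("<I", 16)).ljust(208, b"\0") + struct.pack("<II", 0x2000, 72) + bytes(8)
    sec = b".text\0\0\0" + struct.pack("<4I", 0x200, 0x2000, 0x200, 0x200).ljust(32, b"\0")
    return (hdr + opt + sec).ljust(0x200, b"\0") + body.ljust(0x200, b"\0")
```

A file that returns `header-only` is the case described in the thread: the CLR data directory is set, but nothing behind it can supply metadata tables.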