mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.
https://mandiant.github.io/capa/
Apache License 2.0

vmray: Input file is not a valid VMRay analysis archive: VMRay archive does not contain static data (file_type: MSI Setup) #2403

Open mr-tz opened 2 months ago

mr-tz commented 2 months ago

Example MSI analysis archive I've looked at doesn't have file_analysis.ref_static_data, so we fail here

mike-hunhoff commented 1 month ago

We presently fast fail if the VMRay archive does not contain static analysis data for the file submission. I'm guessing in the case of an MSI file VMRay does not capture static analysis data, but it would still be very useful to extract capabilities from the sandbox run. The static analysis data is used for global and file scope features; we can simply skip these features when analyzing an archive that doesn't contain static analysis data for the file submission.
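
A sketch of the "skip instead of fast fail" behavior discussed in this thread, added here as an illustration; it is not capa's code and not part of any comment above. Only the key `file_analysis.ref_static_data` comes from the issue; the summary layout, the sample dictionaries, and the function names are assumptions constructed for the example.

```python
import logging
from typing import Iterator, Optional, Tuple

logger = logging.getLogger("vmray_example")

# Constructed stand-ins for a parsed VMRay summary (layout is assumed).
MSI_SUMMARY = {
    "file_type": "MSI Setup",
    "file_analysis": {"is_sample": True},  # no ref_static_data, as in the issue
    "static_data": {},
    "api_calls": ["MsiOpenPackageW", "CreateProcessW"],
}
PE_SUMMARY = {
    "file_type": "Windows Exe (x86-32)",
    "file_analysis": {"is_sample": True, "ref_static_data": "static_data_0"},
    "static_data": {"static_data_0": {"os": "windows", "imports": ["kernel32.WriteFile"]}},
    "api_calls": ["WriteFile"],
}


def resolve_static_data(summary: dict) -> Optional[dict]:
    """Return the submission's static data, or None if absent or dangling."""
    ref = summary["file_analysis"].get("ref_static_data")
    if ref is None:
        return None
    return summary["static_data"].get(ref)


def extract_features(summary: dict) -> Iterator[Tuple[str, str, str]]:
    """Yield (scope, kind, value); global/file scopes need static data."""
    static = resolve_static_data(summary)
    if static is None:
        # Degrade instead of raising: dynamic features are still useful.
        logger.warning(
            "no static data (file_type: %s); skipping global and file scope features",
            summary["file_type"],
        )
    else:
        yield ("global", "os", static["os"])
        for imp in static["imports"]:
            yield ("file", "import", imp)
    # Features from the sandbox run do not depend on static data.
    for api in summary["api_calls"]:
        yield ("call", "api", api)


def scopes_covered(summary: dict) -> set:
    """Report which scopes produced features, so callers can flag partial results."""
    return {scope for scope, _, _ in extract_features(summary)}
```

Reporting the covered scopes lets a caller note in its output that rules depending on global or file scope features could not be evaluated for that archive.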