mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.
https://mandiant.github.io/capa/
Apache License 2.0

Clarify references to case studies in readme #2437

Open Greatz08 opened 18 hours ago

Greatz08 commented 18 hours ago

In the above sample output, we run capa against an unknown binary (suspicious.exe), and the tool reports that the program can send HTTP requests,

Instead of this, you could mention properly, with due respect, that you have used an open source project which is a malware-analysis kind of tool, list all the things it runs, and showcase how capa can detect all of those as an example. In this way people will not have a wrong image of the al-khaser project, which is important because it also deserves equal respect as an open source project which is unique and well maintained, instead of being shown as an "unknown suspicious binary". Plus they can read the al-khaser code (https://github.com/LordNoteworthy/al-khaser) and understand how it works and all the things it does, plus how the capa project can detect all those things successfully from the exe file, so all together this would give the best open picture to all users.

williballenthin commented 14 hours ago

Hey @Greatz08

Thanks for raising this concern about our intro. I appreciate the request to recognize open source software, including Al-Khaser - a tool that has definitely influenced capa!

First, let's continue this thread of discussion, because it's important to get right fully and consistently.

With that said, the wording of our intro is ambiguous, and our reference to suspicious.exe does not refer to the Al-Khaser binary. The screenshot of Al-Khaser was added very recently and is independent of the case study around suspicious.exe (which I think is actually Wannacry). When we added the screenshot, we didn't update the wording, so when we say "In the above sample output..." we mean way above, not "immediately above", which is certainly confusing.

I think we should update our wording to make the examples and their sources more clear. We can open a PR for that. What else do you think we can do?