vmray: escape characters #2428
Comments
@mike-hunhoff, can you do a sanity check for me here...? Does https://github.com/mandiant/capa-rules/pull/938/files work for you with https://github.com/mandiant/capa-testfiles/blob/tests/add-data/dynamic/vmray/86d8257ae56e5d8220a4e3f8396d944b5e9e41732b58ad7472276d78aea232fa_min_archive.zip
Matt confirmed that it doesn't work. Still need to find where it's going wrong.
I think this may be where we need to improve String feature extraction:
Yes, appears to be a bug in the string extraction. Updating the rule to use
raw summary JSON vs. XML
adding
raw:
parsed feature currently:
should unescape the `\\` and other similar items