collect file extensions seen in CAPE sample imports #1823
Comments
❯ jq ".static.pe.imports[].dll" mnt/public_full_reports/0* | tr "[:upper:]" "[:lower:]" | sed -e "s/^.*\(\.[^.]*\)\"/\1/g" | sort | uniq -c | sort -nr
18651 .dll
404 .drv
4 .ocx
2 "*invalid*"
1 "ntdll"
|
|
I propose to remove this in an upcoming PR to address #1815. |
|
Although, should we keep the DLL name for imports? We'll always have these. |
|
Are we fine leaving it with .dll and .drv? |
|
|
|
|
|
can this be closed? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
capa/capa/features/extractors/helpers.py
Lines 57 to 59 in b8b55f4
The text was updated successfully, but these errors were encountered: