gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

tests: fix fva of substring test function

Browse Source
This commit is contained in:
William Ballenthin
2021-08-24 16:32:27 -06:00
parent db45068357
commit 2989732637
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/fixtures.py
View File

@@ -466,8 +466,8 @@ FEATURE_PRESENCE_TESTS = sorted(
("773290...", "function=0x140001140", capa.features.common.String(r"%s:\\OfficePackagesForWDAG"), True),
# insn/regex
("pma16-01", "function=0x4021B0", capa.features.common.Regex("HTTP/1.0"), True),
("pma16-01", "function=0x40328b", capa.features.common.Regex("www.practicalmalwareanalysis.com"), True),
("pma16-01", "function=0x40328b", capa.features.common.Substring("practicalmalwareanalysis.com"), True),
("pma16-01", "function=0x402F40", capa.features.common.Regex("www.practicalmalwareanalysis.com"), True),
("pma16-01", "function=0x402F40", capa.features.common.Substring("practicalmalwareanalysis.com"), True),
# insn/string, pointer to string
("mimikatz", "function=0x44EDEF", capa.features.common.String("INPUTEVENT"), True),
# insn/string, direct memory reference