vmray: do not restrict analysis to PE and ELF files, e.g. docx (#2672)

* vmray: do not restrict analysis to PE and ELF files, e.g. docx * update CHANGELOG
2025-12-12 15:49:46 -08:00 · 2025-05-30 13:53:12 -06:00
parent eb87153064
commit 98725c52dc
2 changed files with 2 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## master (unreleased)

 ### New Features
+- vmray: do not restrict analysis to PE and ELF files, e.g. docx @mike-hunhoff #2672

 ### Breaking Changes

--- a/capa/features/extractors/vmray/init.py
+++ b/capa/features/extractors/vmray/init.py
@@ -96,14 +96,7 @@ class VMRayAnalysis:
                % (self.submission_name, self.submission_type)
            )

-        if self.submission_static is not None:
-            if self.submission_static.pe is None and self.submission_static.elf is None:
-                # we only support static analysis for PE and ELF files for now
-                raise UnsupportedFormatError(
-                    "archive does not contain a supported file format (submission_name: %s, submission_type: %s)"
-                    % (self.submission_name, self.submission_type)
-                )
-        else:
+        if self.submission_static is None:
            # VMRay may not record static analysis for certain file types, e.g. MSI, but we'd still like to match dynamic
            # execution so we continue without and accept that the results may be incomplete
            logger.warning(