Merge pull request #973 from mandiant/feature-remove-example-vverbose

vverbose: don't show examples in output
2025-12-12 15:49:46 -08:00 · 2022-04-06 13:42:12 -06:00
parent 05f7ac0802 632e778376
commit ad90145aa7
1 changed files with 7 additions and 1 deletions
--- a/capa/render/vverbose.py
+++ b/capa/render/vverbose.py
@@ -196,7 +196,6 @@ def render_rules(ostream, doc):
        author     michael.hunhoff@mandiant.com
        scope      function
        mbc        Anti-Behavioral Analysis::Detect Debugger::OutputDebugString
-        examples   Practical Malware Analysis Lab 16-02.exe_:0x401020
        function @ 0x10004706
          and:
            api: kernel32.SetLastError @ 0x100047C2
@@ -234,6 +233,13 @@ def render_rules(ostream, doc):
            if key == "name" or key not in rule["meta"]:
                continue

+            if key == "examples":
+                # I can't think of a reason that an analyst would pivot to the concrete example
+                # directly from the capa output.
+                # the more likely flow is to review the rule and go from there.
+                # so, don't make the output messy by showing the examples.
+                continue
+
            v = rule["meta"][key]
            if not v:
                continue