From ce67d99e49408358dfc33f13af8b6bdb9fc7f0b3 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin <wballenthin@hex-rays.com>
Date: Tue, 13 Jan 2026 13:36:51 +0100
Subject: [PATCH] ida: skip function-name features for default names (sub_*)

---
 capa/features/extractors/ida/function.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/capa/features/extractors/ida/function.py b/capa/features/extractors/ida/function.py
index 28b77259..6ff1f28d 100644
--- a/capa/features/extractors/ida/function.py
+++ b/capa/features/extractors/ida/function.py
@@ -54,6 +54,10 @@ def extract_recursive_call(fh: FunctionHandle):
 def extract_function_name(fh: FunctionHandle) -> Iterator[tuple[Feature, Address]]:
     ea = fh.inner.start_ea
     name = idaapi.get_name(ea)
+    if name.startswith("sub_"):
+        # skip default names, like "sub_401000"
+        return
+
     yield FunctionName(name), fh.address
     if name.startswith("_"):
         # some linkers may prefix linked routines with a `_` to avoid name collisions.