Awesome

Resources for testing capa

Data to test capa's code and rules.

Naming conventions

We use the following conventions to organize the capa test data.

• File name
  • MD5 or SHA256 hash, all lower case, e.g.
    • d41d8cd98f00b204e9800998ecf8427e
    • e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  • Descriptive name, e.g.
    • kernel32
    • Practical Malware Analysis Lab 01-01
• File extension
  • .exe_
  • .dll_
  • .sys_
  • .elf_
  • .raw32 (32-bit shellcode)
  • .raw64 (64-bit shellcode)
  • .cs_ (C# source code)
  • .aspx_ (ASP.NET source code)
  • .py_ (Python source code)
• Directories
  • /: native test binaries
  • /dotnet: .NET test binaries
  • /sigs: test signatures
  • /source: source language test files e.g. C# and Python