Capa Explorer Web: Web-based Program Ability Analysis Tools

The capa analysis results can be visualized in an easy-to-use and interactive manner with the help of the capa Explorer Web UI

[{"selector":"#anim-991f2c30-ecbc-4a4f-8783-e59e702b100e [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(12.514648210040342%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-46bcef77-3303-4292-b599-f1d325c5b594","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-8404ce3d-cfe4-4db3-98e8-d2f569f08590","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}]

First intend to improve the process tree view mode of capa Explorer Web to better visualize the per-process matching, Furthermore, it is thinking adding extracted Indicators of Compromise (IoCs) for dynamic analysis

[{"selector":"#anim-b8d4cd68-a74b-482f-8b0c-149639ec9b0d [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(12.514648210040342%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-2a8cfe73-09a8-4865-8c1c-d1f95e14226b","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-994293f0-35c1-443d-bdd9-5199cdab6643","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}]

The built-in web user interface (UI) shows recognized program capabilities as a rule match table. Expand, sort, filter, and search rule match details are available to users

[{"selector":"#anim-86b1df71-edbd-4902-8af4-6333489df3be [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(0%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] [{"selector":"#anim-ccec6e8a-bf0f-4c53-a23f-cda78f329355","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-fc940761-7e1c-4c91-b16d-be7e2134bd08","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}]

You can load capa result documents from local JSON files, including Gzipped files, using capa Explorer Web. Your browser does all of the processing; no data is sent to servers

[{"selector":"#anim-adb317c7-4461-4d71-a9c3-c30eced4600d [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(-12.514648210040342%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-bef6b6f3-2453-447c-9854-beba0f436cdb","keyframes":{"transform":["translate3d(115.23810%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-8ef70c0e-8623-4f52-89e2-36979dd81c06","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-7605546d-108e-42f9-af46-80a53d8bfbb4","keyframes":{"transform":["scale(0.15)","scale(1)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"forwards"}]

You can start examining capa results right away by visiting its GitHub website to access capa Explorer Web. You can download an HTML file that is standalone from the website for use offline

[{"selector":"#anim-f2a84405-74f1-447e-963d-a77200f4f041 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(-12.514648210040342%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-72dd0424-1544-4c55-a32d-5c1b899c91c5","keyframes":{"transform":["rotate(-540deg) scale(0.1)","none"],"opacity":[0,1]},"delay":0,"duration":1000,"fill":"both","iterations":1}]

The capa Explorer IDA plugin was the sole tool available for interactively exploring capa rule matches prior to the release of capa Explorer Web

[{"selector":"#anim-60515832-38d1-4c14-a330-25da5ec7d607 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(12.514648210040342%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-e49af294-6f2d-4b7e-a7be-3f400b44141f","keyframes":{"transform":["translate3d(115.23810%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.2, 0, .8, 1)","fill":"both"}] [{"selector":"#anim-19348517-b1f3-43a9-8ab5-7a4ecf615652","keyframes":{"transform":["rotateZ(180deg)","rotateZ(0deg)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.2, 0, .5, 1)","fill":"forwards"}]

Capa extracts characteristics from programs by analyzing them with a variety of backends, including Ghidra, CAPE, and IDA Pro

[{"selector":"#anim-38c43b8c-6f92-4ddb-a725-44ea30c7f854 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(12.514648210040342%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}]

For more details visit Govindhtech.com

[{"selector":"#anim-585237f7-0ccf-4b1c-90dd-44a3e9f72356 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(-12.514648210040342%, 0, 0) translate(-25%, 0%) scale(1.5)","translate3d(0%, 0, 0) translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"fill":"forwards"}]