You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/book/src/usage/packages.rst
-46Lines changed: 0 additions & 46 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -163,7 +163,6 @@ The following is a list of the existing packages in alphabetical order:
163
163
**Options**:
164
164
* ``offset``: specify the offset to run with the 64-bit CAPE loader.
165
165
166
-
* ``shellcode-unpacker``: used to run and analyze **Shellcode** via the 32-bit CAPE loader, with unpacking!
167
166
* ``shellcode``: used to run and analyze **Shellcode** via the 32-bit CAPE loader, with unpacking!
168
167
169
168
**Options**:
@@ -173,51 +172,6 @@ The following is a list of the existing packages in alphabetical order:
173
172
174
173
*NB*: You need to have ``flashplayer.exe`` in the analyzer's ``bin`` folder.
175
174
176
-
* ``unpacker_dll``: used to run and analyze **Dynamically Linked Libraries** via ``flashplayer.exe``, with unpacking!
177
-
178
-
*NB*: You need to have ``flashplayer.exe`` in the analyzer's ``bin`` folder.
179
-
180
-
**Options**:
181
-
* ``arguments``: specify arguments to pass to the DLL through commandline.
182
-
* ``dllloader``: specify a process name to use to fake the DLL launcher name instead of ``rundll32.exe`` (this is used to fool possible anti-sandboxing tricks of certain malware).
183
-
* ``function``: specify the function to be executed. If none is specified, CAPE will try to run all available functions,
184
-
up to the limit found in the `max_dll_exports` task option.
185
-
186
-
* ``unpacker_js``: used to run and analyze **JavaScript and JScript Encoded files** via ``wscript.exe``, with unpacking!
187
-
* ``unpacker_ps1``: used to run and analyze **PowerShell scripts** via ``powershell.exe``, with unpacking!
188
-
* ``unpacker_regsvr``: used to run and analyze **Dynamically Linked Libraries** via ``regsvr.exe``, with unpacking!
189
-
190
-
**Options**:
191
-
* ``arguments``: specify any command line argument to pass to the initial process of the submitted malware.
192
-
193
-
* ``unpacker_zip``: used to run and analyze **Zip archives** via the zipfile Python package, and runs an executable file (if it exists), with ``cmd.exe``. Also unpacking!
194
-
195
-
**Options**:
196
-
* ``arguments``: specify arguments to pass to the DLL through commandline.
197
-
* ``dllloader``: specify a process name to use to fake the DLL launcher name instead of ``rundll32.exe`` (this is used to fool possible anti-sandboxing tricks of certain malware).
198
-
* ``file``: specify the name of the file contained in the archive to execute. If none is specified, CAPE will try to execute *sample.exe*.
199
-
* ``function``: specify the function to be executed. If none is specified, CAPE will try to run the entry at ordinal 1.
200
-
* ``password``: specify the password of the archive. If none is specified, CAPE will try to extract the archive without password or use the password "*infected*".
201
-
202
-
* ``unpacker``: used to run and analyze generic **Windows executables**, with unpacking!
203
-
204
-
**Options**:
205
-
* ``arguments``: specify any command line argument to pass to the initial process of the submitted malware.
206
-
207
-
* ``upx_dll``: used to run and analyze **Dynamically Linked Libraries** packed with **Ultimate Packer for eXecutables**.
208
-
209
-
**Options**:
210
-
* ``arguments``: specify arguments to pass to the DLL through commandline.
211
-
* ``dllloader``: specify a process name to use to fake the DLL launcher name instead of ``rundll32.exe`` (this is used to fool possible anti-sandboxing tricks of certain malware).
212
-
* ``function``: specify the function to be executed. If none is specified, CAPE will try to run all available functions,
213
-
up to the limit found in the `max_dll_exports` task option.
214
-
215
-
* ``upx``: used to run and analyze generic **Windows executables** packed with **Ultimate Packer for eXecutables**.
216
-
217
-
**Options**:
218
-
* ``appdata``: *[yes/no]* if enabled, run the executable from the APPDATA directory.
219
-
* ``arguments``: specify any command line argument to pass to the initial process of the submitted malware.
220
-
221
175
* ``vawtrak``: used to run and analyze **Vawtrak malware** with ``iexplore.exe``.
0 commit comments