Create encrypt-data-using-rc4-via-systemfunction033.yml #890
Similar to SystemFunction032, this undocumented API allows encryption/decryption using RC4 algo
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
Thanks @dstepanic!
We should get the test file added too, though since it's shellcode I'm not sure it'll work in our test harness.
Are you able to sign the CLA? After I'd be happy to merge this PR.
Thanks @williballenthin. Yes, I signed the CLA yesterday. Appreciate it.
please rename per the lint info:
I've added the testfile to capa-testfiles.
file and rule name still don't pass the linter
Thank you!!
Hi,
This rule is pretty much a duplicate of the existing rule (SystemFunction032), it's paired with another undocumented API (SystemFunction033) that implements encryption/decryption using RC4 algorithm. Thanks!