AV Scanning

Yara

-C # compiles rules 
-c # print only number of matches
-f # fast matching mode 
-w # disable warnings 
-r # recurse 
-p <threads>
yara64.exe -C <rules> <file/directory>

Capa

Capa is designed to be run against a single file of interest.

-v # verbose 
-vv # extra verbose 
-f <format> # format: pe,sc32,sc64
-r <rules> # alternative rule dir 
-t <tag> # filter on specific rule meta field value 
-j # output json
capa.exe -f pe <file>
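The `-j` switch above is the one worth scripting around: a triage script can read capa's JSON report and group the matched capabilities by ATT&CK tactic instead of eyeballing the text table. The script below is an added example, not part of this cheat sheet or of the capa project. The embedded report is a constructed sample; it follows the general layout of capa's JSON output (top-level `meta` and `rules`, each rule carrying `meta.namespace`, `meta.attack` and `matches`), but exact field names and nesting differ between capa versions, so treat that shape as an assumption and check it against the version you run. The hash and rule names in the sample are placeholders.

```python
"""Group the rules matched in a capa JSON (-j) report by ATT&CK tactic.

Added example, not code from the original cheat sheet or from the capa project.
The report layout assumed here (meta / rules / meta.attack / matches) is an
assumption that should be checked against the capa version in use.
"""
import json
import sys
from collections import defaultdict

# Constructed stand-in for `capa.exe -f pe -j <file>` output (not a real report).
SAMPLE_CAPA_JSON = json.dumps({
    "meta": {
        "sample": {"sha256": "<placeholder-sha256>"},
        "analysis": {"format": "pe", "arch": "amd64", "os": "windows"},
    },
    "rules": {
        "create process": {
            "meta": {
                "namespace": "host-interaction/process/create",
                "attack": [{"tactic": "Execution",
                            "technique": "Command and Scripting Interpreter",
                            "id": "T1059"}],
            },
            "matches": [[{"type": "absolute", "value": 4199520}, {}]],
        },
        "read file on Windows": {
            "meta": {"namespace": "host-interaction/file-system/read", "attack": []},
            "matches": [[{"type": "absolute", "value": 4200000}, {}],
                        [{"type": "absolute", "value": 4200400}, {}]],
        },
        "send HTTP request": {
            "meta": {
                "namespace": "communication/http/client",
                "attack": [{"tactic": "Command and Control",
                            "technique": "Application Layer Protocol",
                            "id": "T1071"}],
            },
            "matches": [[{"type": "absolute", "value": 4201000}, {}]],
        },
    },
})

UNMAPPED = "(no ATT&CK mapping)"


def load_capa_report(text):
    """Parse report text and reject anything that is not shaped like a capa report."""
    report = json.loads(text)
    if not isinstance(report.get("rules"), dict):
        raise ValueError("not a capa JSON report: missing top-level 'rules' object")
    return report


def _match_count(rule):
    # len() works for both the list layout (newer capa) and the dict-by-address layout (older capa).
    return len(rule.get("matches", []))


def summarize_capabilities(report):
    """Return {tactic: [(rule_name, namespace, technique_id, match_count), ...]}.

    A rule with several ATT&CK entries appears under each tactic; rules without
    a mapping land in the UNMAPPED bucket so nothing is silently dropped.
    """
    by_tactic = defaultdict(list)
    for name, rule in report["rules"].items():
        meta = rule.get("meta", {})
        namespace = meta.get("namespace", "")
        attack = meta.get("attack") or []
        count = _match_count(rule)
        if not attack:
            by_tactic[UNMAPPED].append((name, namespace, "", count))
        for entry in attack:
            tactic = entry.get("tactic") or UNMAPPED
            by_tactic[tactic].append((name, namespace, entry.get("id", ""), count))
    return {tactic: sorted(rows) for tactic, rows in by_tactic.items()}


def format_summary(report):
    """Render the grouped capabilities as plain text for a triage note."""
    analysis = report.get("meta", {}).get("analysis", {})
    lines = [f"format={analysis.get('format', '?')} arch={analysis.get('arch', '?')} "
             f"os={analysis.get('os', '?')}"]
    for tactic, rows in sorted(summarize_capabilities(report).items()):
        lines.append(f"[{tactic}]")
        for name, namespace, technique_id, count in rows:
            tid = f" {technique_id}" if technique_id else ""
            plural = "es" if count != 1 else ""
            lines.append(f"  {name}{tid}  ({namespace}, {count} match{plural})")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python capa_summary.py report.json   (falls back to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CAPA_JSON
    print(format_summary(load_capa_report(text)))
```

Pipe a real `capa.exe -f pe -j <file>` report into the script; rules that carry no ATT&CK mapping are kept in their own bucket rather than dropped, since an unmapped capability (a file read, a string decode) is often the one that matters in triage.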
