Update bincapz to v0.18.0 #407

Closed
wants to merge 3 commits into from

Add PR permissions

1b8dae1

VirusTotal YARA-CI / False Negatives failed Aug 16, 2024 in 1m 17s

False negatives found

  • 584 hashes mentioned in 690 rules
  • 489 hashes found in VirusTotal
  • 54 false negatives found

Details

Non matching file Rule YARA file
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 pip_installer_regex rules/admin/package-install.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 zip rules/archives/zip.yara
e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f zip rules/archives/zip.yara
240fe01d9fcce5aae311e906b8311a1975f8c1431b83618f3d11aeaff10aede3 miner_kvryr_stak_alike rules/combo/backdoor/net_term.yara
43411e7e750ebfe589cc4004da7b67e907c6f2cfe868a00962ff6b08b515e4c2 php_eval_get_contents rules/combo/backdoor/php.yara
06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725 conti_alike rules/combo/locker/readdir_rename_encrypt.yara
e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f py_crypto_urllib_multiprocessing rules/combo/stealer/archive.yara
4259f2da90bf344092abc071f376753adaf077e13aeed684a7a3c2950ec82f69 py_crypto_urllib_multiprocessing rules/combo/stealer/archive.yara
7c5c84eb86a72395bf75510d5a1a51553a025668d6477dbef86ad12da7bc6b8a py_crypto_urllib_multiprocessing rules/combo/stealer/archive.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 multiple_browser_credentials rules/combo/stealer/browser.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 suspected_data_stealer rules/combo/stealer/creds.yara
210cbe49df69a83462a7451ee46e591c755cfbbef320174dc0ff3f633597b092 password_finder_mimipenguin rules/combo/stealer/password.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 embedded_zstd rules/data/embedded-zstd.yara
e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f leveldb rules/databases/leveldb.yara
e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f dyld_library_path rules/env/DYLD_LIBRARY_PATH.yara
50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 base64_php_functions_multiple rules/evasion/base64-php_functions.yara
17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 base64_php_functions_multiple rules/evasion/base64-php_functions.yara
50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 base64_python_functions rules/evasion/base64-python.yara
17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 base64_python_functions rules/evasion/base64-python.yara
7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe python_exec_near_enough_decrypt rules/evasion/decrypt-eval.yara
7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe python_exec_near_enough_fernet rules/evasion/decrypt-eval.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 fake_user_agent_firefox rules/evasion/fake-user-agent.yara
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 php_obfuscated_concat rules/evasion/string_concatenation.yara
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a php_obfuscated_concat rules/evasion/string_concatenation.yara
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 php_obfuscated_concat_long rules/evasion/string_concatenation.yara
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a php_obfuscated_concat_long rules/evasion/string_concatenation.yara
236cff4506f94c8c1059c8545631fa2dcd15b086c1ade4660b947b59bdf2afbd obfuscated_concat_multiple rules/evasion/string_concatenation.yara
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 obfuscated_concat_multiple rules/evasion/string_concatenation.yara
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a obfuscated_concat_multiple rules/evasion/string_concatenation.yara
e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f subprocess rules/exec/program.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 posix_spawn rules/exec/program.yara
ced05b1f429ade707691b04f59d7929961661963311b768d438317f4d3d82953 npm_uname rules/kernel/platform.yara
da3bb9669fb983ad8d2ffc01aab9d56198bd9cedf2cc4387f19f4604a070a9b5 conti_phrases rules/malware/family/conti.yara
955e9bbcdf1cb230c5f079a08995f510a3b96224545e04c1b1f9889d57dd33c1 http_server rules/net/http-server.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 unusual_sudo_commands_value rules/privesc/sudo.yara
e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f py_multiprocessing rules/process/multiprocess.yara
58c54ded0af2fffb8cea743d8ec3538cecfe1afe88d5f7818591fb5d4d2bd4e1 pid_inspector_high rules/procfs/pid-inspector.yara
12330634ae5c2ac7da6d8d00f3d680630d596df154f74e03ff37e6942f90639e pid_inspector_high rules/procfs/pid-inspector.yara
8b84336e73c6a6d154e685d3729dfa4e08e4a3f136f0b2e7c6e5970df9145e95 dev_shm_file rules/ref/path/dev-shm.yara
8b9db0bc9152628bdacc32dab01590211bee9f27d58e0f66f6a1e26aea7552a6 dev_shm_file rules/ref/path/dev-shm.yara
f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 etc_ld_preload_not_ld rules/ref/path/etc-ld.so.preload.yara
ced05b1f429ade707691b04f59d7929961661963311b768d438317f4d3d82953 var_root_path rules/ref/path/var-root.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 osascript_caller rules/ref/program/osascript.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 infection rules/ref/words/infected.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 interceptor rules/ref/words/intercept.yara
b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0 random_target rules/ref/words/random_target.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 firefox_cookies rules/secrets/firefox-cookies.yara
e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f firefox_history rules/secrets/firefox-formhistory.yara
fe3ac61c701945f833f218c98b18dca704e83df2cf1a8994603d929f25d1cce2 macos_library_keychains rules/secrets/keychain.yara
e100be934f676c64528b5e8a609c3fb5122b2db43b9aee3b2cf30052799a82da ssh_folder rules/secrets/ssh.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b nftables rules/security_controls/linux/iptables.yara
89073097e72070cc7cc73c178447b70e07b603ccecfe406fe92fe9eafaae830f nftables rules/security_controls/linux/iptables.yara
82f509473dbacadaeb2373b309566e7e1a46a67ae9d9c74159aa65bf6424ded8 ufw rules/security_controls/linux/ufw.yara
03bb1cfd9e45844701aabc549f530d56f162150494b629ca19d83c1c696710d7 ufw rules/security_controls/linux/ufw.yara
Files not found in VirusTotal