detect uncommon .NET entry points

Open • mike-hunhoff opened this issue 1 year ago • 1 comment

This article describes multiple .NET entry points, where some of these are often leveraged by malware and obfuscators. I think it beneficial to bring these uncommon, or commonly malicious, entry points to the attention of capa users to help guide analysis to interesting code.

mike-hunhoff, Mar 16 '23 17:03