Errors analyzing several ELF binaries

[q2dg]

Description

I've trying last released capa on several standard binaries from my Fedora 43 system but results are very disappointing.

Steps to Reproduce

When doing capa /bin/ls I get this result, which is shocking ("parse credit card information??")...

...but well, I could be. What it's not normal is that doing capa /usr/bin/gimp , capa remains stuck indefinitely or doing _capa -v ./yr (where "yr" is this binary: https://github.com/VirusTotal/yara-x/releases/download/v1.10.0/yara-x-v1.10.0-aarch64-unknown-linux-gnu.gz) I get this fatal error:

Expected behavior:

I would like to see coherent results/no errors analyzing linux binary files. I think this scope (ELF files in general) needs a bit of your love. Thanks!

Versions

Capa: 9.3.1
Kernel: 6.17.8-300.fc43.x86_64
Fedora: 43

[mr-tz]

Hey, thanks for the report. The parse credit card is a rule false positive hit. The rule isn't great and we can definitely tweak that.

For the ELF error there is an issue with the underlying analysis backend vivisect. I'll report the error upstream.