vverbose: don't show examples in output

closes #970
mandiant · Apr 7, 2022 · 7ee3cce · 7ee3cce
1 parent 86fa5f3
commit 7ee3cce
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/capa/render/vverbose.py b/capa/render/vverbose.py
@@ -196,7 +196,6 @@ def render_rules(ostream, doc):
         author     michael.hunhoff@mandiant.com
         scope      function
         mbc        Anti-Behavioral Analysis::Detect Debugger::OutputDebugString
-        examples   Practical Malware Analysis Lab 16-02.exe_:0x401020
         function @ 0x10004706
           and:
             api: kernel32.SetLastError @ 0x100047C2
@@ -234,6 +233,13 @@ def render_rules(ostream, doc):
             if key == "name" or key not in rule["meta"]:
                 continue
 
+            if key == "examples":
+                # I can't think of a reason that an analyst would pivot to the concrete example
+                # directly from the capa output.
+                # the more likely flow is to review the rule and go from there.
+                # so, don't make the output messy by showing the examples.
+                continue
+
             v = rule["meta"][key]
             if not v:
                 continue