OOM on certain files when using Python module #1945
Comments
Thanks for the detailed report. You mention that the capa binary works.
I see what's going on. The bulk-processor script only analyzes samples as native PEs. These samples are .NET and when analyzed in vivisect cause the issues. So there's two issues:
Standalone binary.
Oh cool, ran into this when using AssemblyLine, looks like they based the CAPA service on that bulk analyze script - https://github.com/CybercentreCanada/assemblyline-service-capa
the bulk-export bug should be fixed in #1948
Description
When using Capa as a library against certain files the process ends up just OOMing.
Steps to Reproduce
Find a file that triggers it, I can provide a few samples if that helps.
https://www.virustotal.com/gui/file/f88e1f280af5b7ea78a8f0f59fba910e54e2eaeb2f34611a7e36f33b505d2784
https://www.virustotal.com/gui/file/f0fa2602f5b65dd91ec0eb7626556f6e9d07ed39065a574e05974a0bc3651017
Expected behavior:
Runs successfully against the file.
Actual behavior:
Process is killed by the oom killer.
Versions
pip list installed | grep -i flare
flare-capa 6.1.0
python3 --version
Python 3.8.10
Using Ubuntu 20.04
Additional Information
Interestingly, running the capa binary against the file works without any dramas.
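Added example (not from this thread and not capa's own code): a standalone pre-check that a bulk-analysis wrapper could run before sending a sample down a native-PE analysis path, following the diagnosis in the comments that the failing samples were .NET files analyzed as native PEs. It tests whether the PE's CLR runtime header data directory (index 14) is populated; `is_dotnet_pe` and `make_sample_header` are hypothetical names, and the sample bytes are constructed header-only stubs.

```python
import struct

CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: CLR runtime header


def is_dotnet_pe(data: bytes) -> bool:
    """Return True if data is a PE whose CLR runtime header directory is populated."""
    try:
        if data[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
            return False
        opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF file header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:    # PE32
            count_off, dirs_off = 92, 96
        elif magic == 0x20B:  # PE32+
            count_off, dirs_off = 108, 112
        else:
            return False
        (count,) = struct.unpack_from("<I", data, opt + count_off)
        if count <= CLR_DIRECTORY_INDEX:
            return False
        entry = opt + dirs_off + 8 * CLR_DIRECTORY_INDEX
        rva, size = struct.unpack_from("<II", data, entry)
        return rva != 0 and size != 0
    except struct.error:  # truncated or malformed headers: treat as not .NET
        return False


def make_sample_header(magic: int, clr_rva: int, clr_size: int) -> bytes:
    """Constructed header-only PE stub for the demo (not a loadable binary)."""
    dirs_off = 96 if magic == 0x10B else 112
    buf = bytearray(0x40 + 24 + dirs_off + 16 * 8)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)              # e_lfanew
    buf[0x40:0x44] = b"PE\x00\x00"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, magic)
    struct.pack_into("<I", buf, opt + dirs_off - 4, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + dirs_off + 8 * CLR_DIRECTORY_INDEX, clr_rva, clr_size)
    return bytes(buf)


if __name__ == "__main__":
    for name, blob in [("native", make_sample_header(0x10B, 0, 0)),
                       ("dotnet", make_sample_header(0x10B, 0x2008, 0x48))]:
        print(name, "-> .NET" if is_dotnet_pe(blob) else "-> native PE path")
```
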