FireEye capa

capa is the Mandiant FLARE team's open-source tool for analyzing malicious programs. It detects capabilities in executable files and provides a framework for the community to encode, recognize, and share behaviors that the team has seen in malware. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate. Regardless of your background, when you use capa you draw on decades of cumulative reverse engineering experience to figure out what a program does, which helps with triage.

The Terms of Use for this software are subject to the licensing and terms outlined in the OSS repository.

Supported by: FireEye
Resources: Read me, Blog post
