capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.
- https://arxiv.org/pdf/2103.07012.pdf - ColdPress: An Extensible Malware Analysis Platform for Threat Intelligence