Skip to content

[pull] master from kevoreilly:master#501

Merged
pull[bot] merged 3 commits into
threatcode:masterfrom
kevoreilly:master
Jul 8, 2026
Merged

[pull] master from kevoreilly:master#501
pull[bot] merged 3 commits into
threatcode:masterfrom
kevoreilly:master

Conversation

@pull

@pull pull Bot commented Jul 8, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

mattft0 and others added 3 commits July 7, 2026 12:36
calc_scoring() decided Undetected vs Failed based solely on the presence
of behavior.processtree. Static analysis (category "static") never runs
the sample in a VM, so processtree is always empty by design — every
clean static analysis was wrongly reported as "Failed". Also check raw
YARA matches on the target file (not just family-attributed detections)
to surface static hits as "Suspicious" instead of silently discarding them.
- finalMalscore now set to 4.0 when a raw YARA hit marks a static
  analysis as Suspicious, matching the 4.0-6.0 convention used by the
  existing Suspicious-Unknown branch instead of leaving it at 0.
- Replace chained .get(key, {}) calls with `... or {}` fallbacks so an
  explicit None on an intermediate key (target/file) can't raise
  AttributeError, and avoid the redundant double lookup of "target".

Addresses gemini-code-assist review on PR #3102.
…d-status

Fix false "Failed" status for static analysis with no signature hit
@pull pull Bot locked and limited conversation to collaborators Jul 8, 2026
@pull pull Bot added the ⤵️ pull label Jul 8, 2026
@pull
pull Bot merged commit cfc2420 into threatcode:master Jul 8, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants