In case you’re wondering if I’m still installing my new system. Yes, I do, and it’s a long process ;). Today we’re installing capa-explorer, which is a IDA plugin to integrate capa into IDA Pro.

I’m still on a pretty fresh installation so the first step is to install cmake because lief, which is part of capa, needs it.

brew install cmake

After installing cmake, we follow the offical guide from their github page.

pip3 install flare-capa
Download capa rules from https://github.com/mandiant/capa-rules
Download capa explorer from https://raw.githubusercontent.com/mandiant/capa/master/capa/ida/plugin/capa_explorer.py and copy it to your IDA plugins directory 

Your IDA plugin directory should be located here (if you don’t have a plugins folder, just create it):

/Users/your_user/.idapro/plugins

The plugin should now be available in IDA Pro under plugins.

The next step will be to set up the rule path for the capa rules we downloaded before.

Analyzing the loaded sample in IDA should now work, except there is a problem with the installed capa version and the downloaded ruleset, see this issue

To fix it, I used the rule set 3.2.0 which worked well.