From 123ca919ebba7eadf8306caa62e6ae56301da95f Mon Sep 17 00:00:00 2001 From: Kevin O'Reilly Date: Wed, 20 May 2026 11:42:49 +0100 Subject: [PATCH 1/3] Remove spurious sideloading-related code erroneously added in ccf4bb8 --- analyzer/windows/lib/api/process.py | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/analyzer/windows/lib/api/process.py b/analyzer/windows/lib/api/process.py index 6eb459e1bf0..4c3ee1847b2 100644 --- a/analyzer/windows/lib/api/process.py +++ b/analyzer/windows/lib/api/process.py @@ -925,22 +925,6 @@ def inject(self, interest=None, nosleepskip=False): self.deploy_version_proxy(path) return True - if self.detect_dll_sideloading(path): - try: - copy(dll, os.path.join(path, "capemon.dll")) - copy(side_dll, os.path.join(path, "version.dll")) - copy(os.path.join(Path.cwd(), "dll", f"{self.pid}.ini"), os.path.join(path, "config.ini")) - except OSError as e: - log.error("Failed to copy DLL: %s", e) - return False - log.info( - "%s DLL to sideload is %s, sideloader %s", - bit_str, - os.path.join(path, "capemon.dll"), - os.path.join(path, "version.dll"), - ) - return True - log.info("%s DLL to inject is %s, loader %s", bit_str, dll, bin_name) try: From 4150acd150edd097285b070fea5e7c753b77bd26 Mon Sep 17 00:00:00 2001 From: doomedraven Date: Wed, 20 May 2026 13:21:44 +0200 Subject: [PATCH 2/3] fix unused var --- analyzer/windows/lib/api/process.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/analyzer/windows/lib/api/process.py b/analyzer/windows/lib/api/process.py index 4c3ee1847b2..bfe278a47b5 100644 --- a/analyzer/windows/lib/api/process.py +++ b/analyzer/windows/lib/api/process.py 
@@ -890,13 +890,13 @@ def inject(self, interest=None, nosleepskip=False):
             bin_name = LOADER64_NAME
             dll = CAPEMON64_NAME
             bit_str = "64-bit"
-            side_dll = SIDELOADER64_NAME
+            # side_dll = SIDELOADER64_NAME
         else:
             ttd_name = TTD32_NAME
             bin_name = LOADER32_NAME
             dll = CAPEMON32_NAME
             bit_str = "32-bit"
-            side_dll = SIDELOADER32_NAME
+            # side_dll = SIDELOADER32_NAME
 
         bin_name = os.path.join(Path.cwd(), bin_name)
         dll = os.path.join(Path.cwd(), dll)

From 076eb14307888bef93263c4e769c30907c796bad Mon Sep 17 00:00:00 2001
From: Kevin O'Reilly
Date: Wed, 20 May 2026 13:09:21 +0100
Subject: [PATCH 3/3] cape_utils: add parser name to debug output

---
 lib/cuckoo/common/cape_utils.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/cuckoo/common/cape_utils.py b/lib/cuckoo/common/cape_utils.py
index dfd8961b094..86da8daa75d 100644
--- a/lib/cuckoo/common/cape_utils.py
+++ b/lib/cuckoo/common/cape_utils.py
@@ -199,7 +199,7 @@ def static_config_parsers(cape_name: str, file_path: str, file_data: bytes) -> d
     # MalDuck
     # Attempt to import a parser for the hit
     if HAVE_CAPE_EXTRACTORS and cape_name in cape_malware_parsers:
-        log.debug("Running CAPE on %s", file_path)
+        log.debug("Running CAPE parser for %s on %s", cape_name, file_path)
         try:
             # changed from cape_config to cape_configraw because of avoiding overridden. duplicated value name.
             if hasattr(cape_malware_parsers[cape_name], "extract_config"):
@@ -225,7 +225,7 @@ def static_config_parsers(cape_name: str, file_path: str, file_data: bytes) -> d
 
     # DC3-MWCP
     if HAS_MWCP and not parser_loaded and cape_name and cape_name in mwcp_decoders:
-        log.debug("Running MWCP on %s", file_path)
+        log.debug("Running MWCP parser for %s on %s", cape_name, file_path)
         try:
             report = mwcp.run(mwcp_decoders[cape_name], data=file_data)
             reportmeta = report.as_dict_legacy()
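Review bot: Commenting out the two `side_dll` assignments leaves dead code in `inject` instead of removing it; delete both `# side_dll = SIDELOADER64_NAME` / `# side_dll = SIDELOADER32_NAME` lines outright, since the sideloading branch that consumed `side_dll` was already removed in the preceding patch and the name is no longer read anywhere visible here. If `SIDELOADER32_NAME` and `SIDELOADER64_NAME` have no other references, their definitions or imports (outside this hunk) are now unused as well and a quick grep is worth doing before merging. `inject` starts and ends outside this hunk.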
@@ -260,7 +260,7 @@ def static_config_parsers(cape_name: str, file_path: str, file_data: bytes) -> d
             )
 
     elif HAS_MALWARECONFIGS and not parser_loaded and cape_name in rat_decoders:
-        log.debug("Running Malwareconfigs on %s", file_path)
+        log.debug("Running Malwareconfig parser for %s on %s", cape_name, file_path)
         try:
             module = False
             file_info = fileparser.FileParser(rawdata=file_data)
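Review bot: The new message drops the trailing "s" and says `Malwareconfig` while the branch guard and the previous text use `Malwareconfigs` (`HAS_MALWARECONFIGS`), so anyone grepping analysis logs for the engine name now gets two spellings; keep the existing name, `log.debug("Running Malwareconfigs parser for %s on %s", cape_name, file_path)`. The other two hunks in this patch (at 199 and 225) keep their engine names CAPE and MWCP unchanged, so only this one drifts. `static_config_parsers` starts and ends outside this hunk.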