threatcode · pull · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026
diff --git a/analyzer/windows/data/yara/UPX.yar b/analyzer/windows/data/yara/UPX.yar
@@ -2,8 +2,8 @@ rule UPX
 {
     meta:
         author = "kevoreilly"
-        description = "UPX dump on OEP (original entry point)"
-        cape_options = "bp0=$upx32*,bp0=$upx64*,hc0=1,action0=step2oep"
+        description = "UPX Unpacker: dump on OEP (original entry point)"
+        cape_options = "bp0=$upx32*,bp0=$upx64*,hc0=1,action0=step2oep,imprec=1"
     strings:
         $upx32 = {6A 00 39 C4 75 FA 83 EC ?? E9}
         $upx64 = {6A 00 48 39 C4 75 F9 48 83 EC [1-16] E9}

diff --git a/analyzer/windows/dll/capemon.dll b/analyzer/windows/dll/capemon.dll
diff --git a/analyzer/windows/dll/capemon_x64.dll b/analyzer/windows/dll/capemon_x64.dll
diff --git a/changelog.md b/changelog.md
@@ -1,3 +1,16 @@
+### [18.02.2026]
+* UPX Unpacker: enable import reconstruction
+* Monitor updates:
+    * Fix issue with VerifyHeaders() checking EP RVA in file: FileOffsetFromRVA()
+    * Add pids to FILE_NEW, FILE_DEL & FILE_MOVE monitor messages to accompany analyzer fix
+    * New hooks: RtlRemoveVectoredExceptionHandler, UnhandledExceptionFilter, GetPhysicallyInstalledSystemMemory, K32EnumProcesses, WTSEnumerateProcessesW, WTSEnumerateProcessesExW, LdrGetDllHandleEx, WTGetSignatureInfo, RtlWow64SetThreadContext
+    * YaraHarness: add 'coverage' action to remove dll from system 'range'
+    * Trace: improve recognition and handling of distinct code regions during debugging/tracing, expand ProcessOEP() action to allow shellcode dumpingrefine StrTest(W) functions  to filter more control characters from debugger log
+    * Add ntdll unhook protection (ntdll-unhook=1) via prevent_module_unhooking() from NtReadFile hook
+    * Add general hook protection (hook-protect=1) to protect hooks other than ntdll (ntdll-protect) - off by default
+    * Hooking: replace (allocating) convert_address_to_dll_name_and_offset() with non-allocating get_module_name()
+    * misc: prevent_module_unhooking() & gettib()
+
 ### [11.02.2026]
 * Guacamole integration:
     * New dependency `channels[daphne]>=4.0.0` added.

diff --git a/lib/cuckoo/core/data/tasking.py b/lib/cuckoo/core/data/tasking.py
@@ -777,7 +777,7 @@ def set_status(self, task_id: int, status) -> Optional[Task]:
         @param status: status string
         @return: operation status
         """
-        log.info("setstat task %d status %s",task_id,status)
+        log.info("setstat task %s status %s", task_id, status)
         task = self.session.get(Task, task_id)
 
         if not task:
@@ -1004,7 +1004,7 @@ def list_tasks(
         if tags_tasks_like:
             stmt = stmt.where(Task.tags_tasks.like(f"%{tags_tasks_like}%"))
         if tags_tasks_not_like:
-            stmt = stmt.where(Task.tags_tasks.notlike(f"%{tags_tasks_not_like}%"))
+            stmt = stmt.where(func.coalesce(Task.tags_tasks, "").notlike(f"%{tags_tasks_not_like}%"))
         if task_ids:
             stmt = stmt.where(Task.id.in_(task_ids))
         if user_id is not None: