Refine protector heuristic regex

Tighten the "protector" detection regex in db/PE/__GenericHeuristicAnalysis_By_DosX.7.sg to avoid false positives. The updated pattern adds anchors and exclusions to skip Unity symbols like `_guard_c`/`_guard_d` and avoid matching Chromium's exact "prot" token, and includes an inline comment explaining the exceptions.
DosX 2026-06-17 14:21:28 +03:00
commit 1dd4e2eeaf


@ -2875,7 +2875,7 @@ function scanForPackersAndCryptors_NET_and_Native() { // For .NET and Native app
[
["a packer", null, [/p(?:a)?ck|sh(?:e)?ll|exe|^\.pe/i, /^PE/]],
["a cryptor", null, [/crypt|crpt|stub|enc|inj/i, /stb/]],
["a protector", null, [/(?!^prot$)prot|safe|lock|sec|virt|obf|guard|trial|sh(ie)?ld/i, /DRM|drm/]]
["a protector", null, [/^(?!_guard_[cd]$)(?:(?!^prot$)prot|safe|lock|sec|virt|obf|guard|trial|sh(ie)?ld)/i, /DRM|drm/]] // _guard_c/d = Unity, prot = Chromium
]
));
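Review bot: the leading `^` in the new pattern turns the whole check from "contains one of these tokens" into "starts with one of these tokens", which is a much larger behaviour change than the commit message describes; the old regex matched `prot`, `safe`, `guard`, etc. anywhere in the scanned string, the new one only matches when the string begins with the token, so names such as `MyProtector` or `vmprotect` that previously hit no longer do. Because of that same `^`, the `(?!_guard_[cd]$)` lookahead is redundant: `_guard_c` starts with `_`, which none of the alternatives can match at position 0, so the exclusion never does any work. If the intent is only to exclude the whole-string cases `_guard_c`, `_guard_d` and `prot`, fold both exclusions into one leading lookahead and keep a lazy `.*?` so the tokens are still found mid-string, e.g. `/^(?!(?:_guard_[cd]|prot)$).*?(?:prot|safe|lock|sec|virt|obf|guard|trial|sh(ie)?ld)/i`; note that without the `m` flag `^` and `$` here bind to the start and end of the input, which is what an exact-name exclusion wants. Either way, a small set of positive (`MyProtector`, `Shield`) and negative (`_guard_c`, `prot`) sample names checked against the final regex would make the intended semantics explicit and catch this kind of anchoring slip.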