Rename protector rule to packer and tighten detection

Rename db/PE/protector_Sixxpack.2.sg to db/PE/packer_Sixxpack.2.sg and change meta tag from "protector" to "packer". Add an additional guard so detection only runs when PE.isNet() and PE.isNetUStringPresent("Data Error") is present, preserving existing signature checks for versions 2.2, 2.4 and 2.X.
2026-06-24 01:54:08 +00:00 · 2026-04-24 00:08:08 +03:00 · 2026-04-24 00:08:08 +03:00 · 3320b2098f
commit 3320b2098f
parent 53925ddbb1
1 changed files with 21 additions and 21 deletions
--- a/db/PE/protector_Sixxpack.2.sg
+++ b/db/PE/protector_Sixxpack.2.sg
@ -1,21 +1,21 @@
-// Detect It Easy: detection rule file
-// Author: horsicq <horsicq@gmail.com>
-
-meta("protector", "Sixxpack");
-
-function detect() {
-    if (PE.isNet()) {
-        if (PE.isSignatureInSectionPresent(0, "00'actmp.dll'00'stub'00'Sixxpack'00")) {
-            sVersion = "2.2";
-            bDetected = true;
-        } else if (PE.isSignatureInSectionPresent(0, "0021......'xpack!'00................'xpack'00")) {
-            sVersion = "2.4";
-            bDetected = true;
-        } else if (PE.isNetObjectPresent("Sixxpack")) {
-            sVersion = "2.X";
-            bDetected = true;
-        }
-    }
-
-    return result();
-}
+// Detect It Easy: detection rule file
+// Author: horsicq <horsicq@gmail.com>
+
+meta("packer", "Sixxpack");
+
+function detect() {
+    if (PE.isNet() && PE.isNetUStringPresent("Data Error")) {
+        if (PE.isSignatureInSectionPresent(0, "00'actmp.dll'00'stub'00'Sixxpack'00")) {
+            sVersion = "2.2";
+            bDetected = true;
+        } else if (PE.isSignatureInSectionPresent(0, "0021......'xpack!'00................'xpack'00")) {
+            sVersion = "2.4";
+            bDetected = true;
+        } else if (PE.isNetObjectPresent("Sixxpack")) {
+            sVersion = "2.X";
+            bDetected = true;
+        }
+    }
+
+    return result();
+}