new installers

hypn0chka 2026-04-22 22:32:12 +05:00
commit 365f4ba00d
7 changed files with 106 additions and 0 deletions


@ -361,6 +361,24 @@ function detect() {
} else if (Binary.compare("d90e0100889f")) {
sName = "Winlicense xored EXE (0xC5 xor mask)";
bDetected = true;
} else if (Binary.compare("000201010002e000400bf00900120002")) {
sName = "ARDI-SFX data";
bDetected = true;
} else if (Binary.compare("7856341278563412")) {
sName = "Stardust SFX data";
bDetected = true;
} else if (Binary.compare("'lsfx'..02")) {
sName = "EXEpress data";
bDetected = true;
} else if (Binary.compare("'JKMNPQSTVWYZ'")) {
sName = "Jexepack data";
bDetected = true;
} else if (Binary.compare("'XXWTInstall'")) {
sName = "WTInstall data";
bDetected = true;
} else if (Binary.compare("00000000ffffffff00000000'BZh'")) {
sName = "InstallWrap data (BZIP)";
bDetected = true;
}
/* var ArcOffset=Binary.findSignature(Binary.getOverlayOffset(),0x400, "'|http:'");
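Review bot: The added `Binary.compare("7856341278563412")` branch labels a blob "Stardust SFX data" on eight bytes that are simply 0x12345678 stored twice in little-endian order, a value often used as a placeholder or test constant, so unrelated data starting with it would be mislabelled in triage output. The other five new signatures are longer or contain a product string, so the concern is limited to this branch and to db_extra/PE/Stardust.1.sg, where the same literal is the only product-specific check. Extending the pattern with further fixed bytes from the Stardust header, or adding a second condition before `bDetected = true`, would make the verdict more reliable. A comment such as `// Stardust SFX: first 8 bytes of the overlay (0x12345678 twice), weak on its own` would at least record the limitation. detect() starts and ends outside this hunk, so any narrowing done by earlier branches is not visible here.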

17
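--- /dev/null
+++ b/db_extra/PE/ARDI-SFX.1.sg
@@ -0,0 +1,17 @@
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+meta("sfx", "ARDI");
+function detect() {
+if (PE.compareOverlay("000201010002e000400bf00900120002")) {
+if (PE.compareEP("e9$$$$$$$$5351525589e583ec..b8........e8........a1........83c0..24fc31d2")) { //Watcom C/C++32
+sOptions = "EMT4PM by Daniel F. Valot (2002)";
+bDetected = true;
+} else if (PE.compareEP("c705................e9$$$$$$$$5351525589e583ec..b8........e8........a1")) { //Watcom C/C++32
+sOptions = "EMT4PM by Daniel F. Valot (1999)";
+bDetected = true;
+}
+}
+return result();
+}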
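Review bot: In db_extra/PE/ARDI-SFX.1.sg `bDetected = true` is reached only inside the two `PE.compareEP` branches, so a file whose overlay carries the 16-byte ARDI header but whose stub matches neither pattern is reported as nothing at all by this rule. If the overlay header is what identifies the format, placing `bDetected = true;` directly under the `PE.compareOverlay(...)` test and using the EP patterns only to fill `sOptions` would keep such files visible to an analyst. Both branches also carry the same `//Watcom C/C++32` comment. The 1999 pattern appears to be the 2002 startup sequence preceded by a ten-byte `c705` store, and a comment saying so (for example `// 1999 stub: same startup, preceded by a mov [mem], imm32`) would explain why two patterns are needed.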

14
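--- /dev/null
+++ b/db_extra/PE/EXEpress.1.sg
@@ -0,0 +1,14 @@
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+meta("installer", "EXEpress");
+function detect() {
+if (PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965")) { //Microsoft Visual C_C++(6.0 (1720-9782), by EP)
+if (PE.compareOverlay("'lsfx'..02")) {
+bDetected = true;
+}
+}
+return result();
+}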
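Review bot: The `PE.compareEP` literal here is byte-for-byte the one used in the InstallWrap, Jexepack, Stardust and WTInstall rules added by this commit, and its own trailing comment identifies it as the Microsoft Visual C++ 6.0 startup code, so it does not separate EXEpress from any other program built with that compiler. Detection therefore rests on `PE.compareOverlay("'lsfx'..02")`, which is five fixed bytes and one wildcard. I would state that in the file, e.g. `// EP only confirms the MSVC 6.0 runtime; the overlay magic is what identifies EXEpress`, and add a line saying what the wildcard byte and the trailing `02` stand for. That gives a maintainer what they need to tighten the signature if a false positive is reported.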


@ -0,0 +1,15 @@
// Detect It Easy: detection rule file
// Author: hypn0 <hypn0@mail.ru>
meta("installer", "InstallWrap");
function detect() {
if (PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965")) { //Microsoft Visual C_C++(6.0 (1720-9782), by EP)
if (PE.compareOverlay("00000000ffffffff00000000'BZh'")) {
sOptions = "BZIP";
bDetected = true;
}
}
return result();
}

14
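--- /dev/null
+++ b/db_extra/PE/Jexepack.1.sg
@@ -0,0 +1,14 @@
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+meta("packer", "Jexepack");
+function detect() {
+if (PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965")) { //Microsoft Visual C_C++(6.0 (1720-9782), by EP)
+if (PE.compareOverlay("'JKMNPQSTVWYZ'")) {
+bDetected = true;
+}
+}
+return result();
+}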

14
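--- /dev/null
+++ b/db_extra/PE/Stardust.1.sg
@@ -0,0 +1,14 @@
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+meta("installer", "Stardust SFX");
+function detect() {
+if (PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965")) { //Microsoft Visual C_C++(6.0 (1720-9782), by EP)
+if (PE.compareOverlay("7856341278563412")) {
+bDetected = true;
+}
+}
+return result();
+}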


@ -0,0 +1,14 @@
// Detect It Easy: detection rule file
// Author: hypn0 <hypn0@mail.ru>
meta("installer", "WTInstall");
function detect() {
if (PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965")) { //Microsoft Visual C_C++(6.0 (1720-9782), by EP)
if (PE.compareOverlay("'XXWTInstall'")) {
bDetected = true;
}
}
return result();
}