mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

Improve Skater .NET detector

Browse source 
Add upstream GitHub reference and replace the slow signature-in-section check with PE.isNetObjectPresent checks for 'RustemSoft.Skater' and 'RustemSoft.Skater.Skater_NET_Obfuscator' to speed up detection. Keeps the existing EP .NET compare logic and version detection for 2.X.
This commit is contained in:
DosX 2026-06-22 18:33:15 +03:00
commit 6b53f22ae4
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
db/PE/protector_Skater.2.sg
View file

@ -1,6 +1,7 @@
// Detect It Easy: detection rule file
// Author: horsicq <horsicq@gmail.com>
// https://github.com/Rustemsoft/Skater-.NET-Obfuscator
meta("protector", "Skater");
function detect() {
@ -8,7 +9,7 @@ function detect() {
if (PE.compareEP_NET("4228070000066f09000006283800000a2a1b3004006f0000000d0000110272b9")) {
sVersion = "2.X";
bDetected = true;
} else if (PE.isSignatureInSectionPresent(0, "'RustemSoft.Skater'")) {
} else if (PE.isNetObjectPresent("RustemSoft.Skater") || PE.isNetObjectPresent("RustemSoft.Skater.Skater_NET_Obfuscator")) {
bDetected = true;
}
}