mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

Use non-capturing groups in regexes

Browse source 
Replace unnecessary capturing groups (...) with non-capturing groups (?:...) in several regex literals in db/PE/__GenericHeuristicAnalysis_By_DosX.7.sg (e.g. section/flag and numeric suffix patterns). This prevents creating unused capture groups, clarifies intent, and preserves existing behavior.
This commit is contained in:
DosX 2026-05-10 01:03:22 +03:00
commit b90d1ff802
1 changed files with 61 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

122
db/PE/__GenericHeuristicAnalysis_By_DosX.7.sg
View file

@ -2695,66 +2695,66 @@ function scanForPackersAndCryptors_NET_and_Native() { // For .NET and Native app
var dbCollectionOfSectionNamesDict = [
["DBPE", null, " "],
["Themida", "2.XX", " "], // https://www.oreans.com/Themida.php
["Themida", "2.XX", " "], // https://www.oreans.com/Themida.php
["Themida", "3.XX", [".loadcon", ".themida", ".winlice"]], // .
["Themida", null, [".stub01", "WinLicen", ".v-lizer", "Themida "]], // .
["PEBundle", null, /^(?:PEB|peb)undle$/], // https://bitsum.com/pebundle.htm
["Themida", null, [".stub01", "WinLicen", ".v-lizer", "Themida "]], // .
["PEBundle", null, /^(?:PEB|peb)undle$/], // https://bitsum.com/pebundle.htm
["DZA Patcher", null, "yoda"],
["UPX", null, /^UPX[0-3]$/], // https://github.com/upx/upx
["VMProtect", null, /^\.vmp[0-3]$/], // https://vmpsoft.com/
[".NET Reactor", "2.XX", ".reacto"], // https://www.eziriz.com/dotnet_reactor.htm
["ACProtect", null, ".perplex"], // https://acprotect-standard.soft112.com/
["UPX", null, /^UPX[0-3]$/], // https://github.com/upx/upx
["VMProtect", null, /^\.vmp[0-3]$/], // https://vmpsoft.com/
[".NET Reactor", "2.XX", ".reacto"], // https://www.eziriz.com/dotnet_reactor.htm
["ACProtect", null, ".perplex"], // https://acprotect-standard.soft112.com/
["ANDpakk2", null, "ANDpakk2"],
["ASM Guard", "2.XX", [".asmg", "ASMGUARD"]], // https://github.com/DosX-dev/ASM-Guard
["ASPack", "1.08-2.XX", ".adata"], // https://www.aspack.com/
["ASPack", "2.XX", ".aspack"], // .
["ASPack", null, /^(?:\.)?ASPack$/], // .
["Alienyze", null, ".alien"], // https://alienyze.com/
["BoxedApp", null, ".bxpck"], // https://www.boxedapp.com/
["CodeVirtualizer", null, ".vlizer"], // https://www.oreans.com/CodeVirtualizer.php
["Enigma", null, /^\.enigma[12]$/], // https://enigmaprotector.com/
["Eronana", null, ".packer"], // https://github.com/Eronana/packer
["MPRESS", null, /^\.MPRESS[12]$/], // https://www.autohotkey.com/mpress/mpress_web.htm
["NsPack", null, [/^(?:\.)?nsp[01]$/, /^PE[Pp][01]$/, ".Packer!"]], // https://nspack.apponic.com/
["PE Diminisher", null, ".teraphy"], // https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/ped.zip
["PE-SHiELD", null, ["PESHiELD", "ANAKiN98"]], // https://webscene.ir/tools/show/PE-SHIELD-0.25
["PECompact", null, [/^PEC2(MO)?$/, /^pec(1)?$/]], // https://bitsum.com/portfolio/pecompact/
["PELock", null, ["PELOCKnt", ".pelock"]], // https://www.pelock.com/ 💩
["Petite", null, /^(?:\.)?petite$/], // https://www.un4seen.com/petite/
["SecuROM", null, [/^\.cms_[dt]$/, ".securom", ".dsstext"]], // https://en.wikipedia.org/wiki/SecuROM
["StarForce", "3.X", [".sforce3", ".brick"]], // https://www.star-force.com/
["Wise Installer", null, ".wise"], // https://wpkg.org/WISE_installer
["Gentee Installer", null, ".gentee"], // https://www.gentee.com/download/
["Nullsoft Installer", null, ".ndata"], // https://sourceforge.net/projects/nsis/
["WiX Installer", null, ".wixburn"], // https://github.com/wixtoolset
["BeRoEXEPacker", null, ["packerBY", "bero^fr "]], // https://blog.rosseaux.net/page/875fbe6549aa072b5ee0ac9cefff4827/BeRoEXEPacker
["Warbird", null, "?g_Encry"], // https://security-explorations.com/microsoft-warbird-pmp.html
["YodasCrypter", "1.X", "yC"], // https://sourceforge.net/projects/yodap/files/Yoda%20Crypter/1.3/yC1.3.zip/download
["eXPressor", null, /^\.ex_(cod|rsc)$/], // https://www.cgsoftlabs.ro/express.html
["kkrunchy", null, "kkrunchy"], // https://www.farbrausch.de/~fg/kkrunchy/
["tElock", null, "UPX!"], // https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Telock.shtml
["Private EXE Protector", null, [".-PEP-", ".TRIAL!", ".const"]], // https://github.com/NIKJOO/PEP
["AtomPePacker", null, ".ATOM"], // https://web.archive.org/web/20221012050538/https://github.com/ORCx41/AtomPePacker
["ExeStealth", null, "ExeS"], // https://web.archive.org/web/20250124130104/https://www.webtoolmaster.com/exestealth.htm
["ASM Guard", "2.XX", [".asmg", "ASMGUARD"]], // https://github.com/DosX-dev/ASM-Guard
["ASPack", "1.08-2.XX", ".adata"], // https://www.aspack.com/
["ASPack", "2.XX", ".aspack"], // .
["ASPack", null, /^(?:\.)?ASPack$/], // .
["Alienyze", null, ".alien"], // https://alienyze.com/
["BoxedApp", null, ".bxpck"], // https://www.boxedapp.com/
["CodeVirtualizer", null, ".vlizer"], // https://www.oreans.com/CodeVirtualizer.php
["Enigma", null, /^\.enigma[12]$/], // https://enigmaprotector.com/
["Eronana", null, ".packer"], // https://github.com/Eronana/packer
["MPRESS", null, /^\.MPRESS[12]$/], // https://www.autohotkey.com/mpress/mpress_web.htm
["NsPack", null, [/^(?:\.)?nsp[01]$/, /^PE[Pp][01]$/, ".Packer!"]], // https://nspack.apponic.com/
["PE Diminisher", null, ".teraphy"], // https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/ped.zip
["PE-SHiELD", null, ["PESHiELD", "ANAKiN98"]], // https://webscene.ir/tools/show/PE-SHIELD-0.25
["PECompact", null, [/^PEC2(MO)?$/, /^pec(1)?$/]], // https://bitsum.com/portfolio/pecompact/
["PELock", null, ["PELOCKnt", ".pelock"]], // https://www.pelock.com/ 💩
["Petite", null, /^(?:\.)?petite$/], // https://www.un4seen.com/petite/
["SecuROM", null, [/^\.cms_[dt]$/, ".securom", ".dsstext"]], // https://en.wikipedia.org/wiki/SecuROM
["StarForce", "3.X", [".sforce3", ".brick"]], // https://www.star-force.com/
["Wise Installer", null, ".wise"], // https://wpkg.org/WISE_installer
["Gentee Installer", null, ".gentee"], // https://www.gentee.com/download/
["Nullsoft Installer", null, ".ndata"], // https://sourceforge.net/projects/nsis/
["WiX Installer", null, ".wixburn"], // https://github.com/wixtoolset
["BeRoEXEPacker", null, ["packerBY", "bero^fr "]], // https://blog.rosseaux.net/page/875fbe6549aa072b5ee0ac9cefff4827/BeRoEXEPacker
["Warbird", null, "?g_Encry"], // https://security-explorations.com/microsoft-warbird-pmp.html
["YodasCrypter", "1.X", "yC"], // https://sourceforge.net/projects/yodap/files/Yoda%20Crypter/1.3/yC1.3.zip/download
["eXPressor", null, /^\.ex_(?:cod|rsc)$/], // https://www.cgsoftlabs.ro/express.html
["kkrunchy", null, "kkrunchy"], // https://www.farbrausch.de/~fg/kkrunchy/
["tElock", null, "UPX!"], // https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Telock.shtml
["Private EXE Protector", null, [".-PEP-", ".TRIAL!", ".const"]], // https://github.com/NIKJOO/PEP
["AtomPePacker", null, ".ATOM"], // https://web.archive.org/web/20221012050538/https://github.com/ORCx41/AtomPePacker
["ExeStealth", null, "ExeS"], // https://web.archive.org/web/20250124130104/https://www.webtoolmaster.com/exestealth.htm
["RLPack", null, [".RLPack", ".packed"]],
["RLPack", null, "Obsidium"], // (Fake Obsidium section name)
["BattlEye", null, /^\.be[0-2]$/], // https://www.battleye.com/ (VMProtect-based)
["YodasProtector", "1.0b", [".y0da", ".yP"]], // https://yodap.sourceforge.net/
["obfus.h", null, ".obfh"], // https://github.com/DosX-dev/obfus.h
["Windows PE Packer by Chenzs108", null, ".shell"], // https://github.com/czs108/Windows-PE-Packer
["SoftSentry", null, [/^_(stext|rdata|data|idata|rsrc|reloc)$/, ".prdata"]], // https://forum.exetools.com/showthread.php?t=1181
["PE Lock Phantasm", "1.X", "DINGBOY"], // https://www.arteam.accessroot.com/download39d1.html
["XComp", null, /^\.XComp(0)?$/], // http://www.soft-lab.de/JoKo/
["XVolkolak", null, ".xvlk"], // unpacker & reconstructor
["NetShield", null, "!Sugar"], // https://github.com/AdvDebug/NetShield_Protector
["Fatpack", null, ".fpack "], // https://github.com/Fatmike-GH/Fatpack
["Safengine Shielden", null, ".sedat"], // https://safengine.com/downloads/get-demo
["Inquartos Obfuscator", null, ".inq"], // http://www.vbnet.ru/forum/show.aspx?id=175877
["WinUPack", null, [".ByDwing", ".Upack"]], // https://www.softpedia.com/get/PORTABLE-SOFTWARE/Compression-Tools/Windows-Portable-Applications-Portable-WinUpack.shtml
["Xenocode Postbuild", null, ".xcpad"], // https://download.cnet.com/xenocode-postbuild/3000-10250_4-10506240.html
["Denuvo", null, [/^\.[ex](code|text)$/, ".xtls", ".trace", ".arch", ".ooa"]], // https://en.wikipedia.org/wiki/Denuvo
["SteamStub", null, ".bind"], // https://gameindustry.eu/blog/steamstub-drm/
["Huan", null, ".huan"], // https://github.com/frkngksl/Huan
["RLPack", null, "Obsidium"], // (Fake Obsidium section name)
["BattlEye", null, /^\.be[0-2]$/], // https://www.battleye.com/ (VMProtect-based)
["YodasProtector", "1.0b", [".y0da", ".yP"]], // https://yodap.sourceforge.net/
["obfus.h", null, ".obfh"], // https://github.com/DosX-dev/obfus.h
["Windows PE Packer by Chenzs108", null, ".shell"], // https://github.com/czs108/Windows-PE-Packer
["SoftSentry", null, [/^_(?:stext|rdata|data|idata|rsrc|reloc)$/, ".prdata"]], // https://forum.exetools.com/showthread.php?t=1181
["PE Lock Phantasm", "1.X", "DINGBOY"], // https://www.arteam.accessroot.com/download39d1.html
["XComp", null, /^\.XComp(?:0)?$/], // http://www.soft-lab.de/JoKo/
["XVolkolak", null, ".xvlk"], // unpacker & reconstructor
["NetShield", null, "!Sugar"], // https://github.com/AdvDebug/NetShield_Protector
["Fatpack", null, ".fpack "], // https://github.com/Fatmike-GH/Fatpack
["Safengine Shielden", null, ".sedat"], // https://safengine.com/downloads/get-demo
["Inquartos Obfuscator", null, ".inq"], // http://www.vbnet.ru/forum/show.aspx?id=175877
["WinUPack", null, [".ByDwing", ".Upack"]], // https://www.softpedia.com/get/PORTABLE-SOFTWARE/Compression-Tools/Windows-Portable-Applications-Portable-WinUpack.shtml
["Xenocode Postbuild", null, ".xcpad"], // https://download.cnet.com/xenocode-postbuild/3000-10250_4-10506240.html
["Denuvo", null, [/^\.[ex](?:code|text)$/, ".xtls", ".trace", ".arch", ".ooa"]], // https://en.wikipedia.org/wiki/Denuvo
["SteamStub", null, ".bind"], // https://gameindustry.eu/blog/steamstub-drm/
["Huan", null, ".huan"], // https://github.com/frkngksl/Huan
["Alloy", null, ".alloy32"],
["Crinkler", null, "lz32.dll"],
["Crunch", "2.0", "BitArts"],
@ -2776,7 +2776,7 @@ function scanForPackersAndCryptors_NET_and_Native() { // For .NET and Native app
["RLP", null, ".rlp"],
["ORiEN", "2.XX", ".loader"],
["SC Pack", null, ".scpack"],
["SVK Protector", null, ["SVKP", /\.svkp( )?/]],
["SVK Protector", null, ["SVKP", /\.svkp(?: )?/]],
["SafeNet", null, /^\.AKS[1-3]$/],
["Shrinker", null, ".shrink1"],
["Simple Pack", null, ".spack"],
@ -2802,10 +2802,10 @@ function scanForPackersAndCryptors_NET_and_Native() { // For .NET and Native app
["XerinFuscator", null, ".Xerin"],
["AZProtect 0001", null, "AZPR0001"],
["ExeShield", null, ".shield"],
["XPack", null, /^\.XPack(0)?$/],
["XPack", null, /^\.XPack(?:0)?$/],
["KByS", null, ".shoooo"],
["HyperTech Crackproof", null, "peC"],
["Byfron", null, /^\.byfron(1)?$/],
["Byfron", null, /^\.byfron(?:1)?$/],
["DYAMAR", "1.3.X", /^\.dyamar[CD]$/],
["Alcatraz", null, ".0Dev"],
["Squishy", null, "logicoma"],
@ -2814,7 +2814,7 @@ function scanForPackersAndCryptors_NET_and_Native() { // For .NET and Native app
["N-Code", "0.2", [".pepsi", "n-coded", ".vrs"]],
["NoodleCrypt", "2.X", [".Ncryo ", ".De-vir "]],
["TheArk", null, ["30cm", ".tw"]],
["Virbox", null, /^\.v(data[1-9]|irbox[1-9]?)$/],
["Virbox", null, /^\.v(?:data[1-9]|irbox[1-9]?)$/],
["ElecKey", null, ".sstb"],
["PKLITE32", "1.1", ".pklstb"],
[".BJFnt", "1.X", ".BJFnt"],
@ -2834,7 +2834,7 @@ function scanForPackersAndCryptors_NET_and_Native() { // For .NET and Native app
["Lumy", null, ".lumy"],
["TomatoX", null, ".tomato"],
["PwdProtect", null, ".pwdprot"],
["ID Application", null, /^\.Prt(1)?$/],
["ID Application", null, /^\.Prt(?:1)?$/],
["PETetris", null, "PETETRIS"]
];