mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

Improve BeRoEXEPacker detection

Browse source 
Add an additional PE.compare check in detect() to match the signature "'BeRo'******!PE" at offset 4 (ORed with the existing check). This broadens detection for BeRoEXEPacker-packed PE files and sets bDetected when matched without altering existing checks.
This commit is contained in:
DosX 2026-06-05 21:03:28 +03:00
commit be59ae73dc
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
db/PE/packer_BeRoEXEPacker.2.sg
View file

@ -26,7 +26,7 @@ function detect() {
} else if (PE.compareEP("60c8940c0060fcbe........ad8945fc33c0f7d08945f8f7d0b408b923030000")) {
sVersion = "1.00";
sOptions = "LZBRA";
} else if (PE.compare("52c3'(C)BeRo!PE'0000", 2)) {
} else if (PE.compare("52c3'(C)BeRo!PE'0000", 2) || PE.compare("'BeRo'******!PE", 4)) {
bDetected = true;
}