Rename and reorganize PE rule files

Renamed PE rule files to use a consistent naming convention with prefixes indicating their type (e.g., compiler_, packer_, installer_, etc.). Also updated file permissions to 100644 where needed and made minor whitespace-only changes to some files for consistency. This improves maintainability and clarity of the signature database.

db/PE/compiler_LCC-Win32.4.sg

@@ -1,17 +1,17 @@
-// Detect It Easy: detection rule file
-// Author: Jason Hood <jadoxa@yahoo.com.au>
-
-meta("compiler", "LCC-Win32")
-
-function detect() {
-    if (PE.isNet()) return; // Doesn't support .NET
-
-    if (PE.compareEP("64a1........5589e56a..68........68........506489..........83ec..53565789")) {
-        sVersion = "1.3";
-        bDetected = true;
-    }
-
-    sLang = "C";
-
-    return result();
-}
+// Detect It Easy: detection rule file
+// Author: Jason Hood <jadoxa@yahoo.com.au>
+
+meta("compiler", "LCC-Win32")
+
+function detect() {
+    if (PE.isNet()) return; // Doesn't support .NET
+
+    if (PE.compareEP("64a1........5589e56a..68........68........506489..........83ec..53565789")) {
+        sVersion = "1.3";
+        bDetected = true;
+    }
+
+    sLang = "C";
+
+    return result();
+}

db/PE/compiler_SpASM.4.sg

@@ -1,22 +1,22 @@
-// Detect It Easy: detection rule file
-
-meta("compiler", "SpASM");
-
-includeScript("SpASM");
-
-function detect() {
-    if (bSpASM) {
-        sVersion = PE.getCompilerVersion();
-        sOptions = PE.getGeneralOptionsEx(); // SpASM doesn't have a linker
-        bDetected = true;
-
-        // Correct version
-        if (PE.getMajorLinkerVersion() > 3) {
-            sVersion += "*";
-        }
-    }
-
-    _sLang = "ASMx" + (PE.is64() ? "64" : "86");
-
-    return result();
+// Detect It Easy: detection rule file
+
+meta("compiler", "SpASM");
+
+includeScript("SpASM");
+
+function detect() {
+    if (bSpASM) {
+        sVersion = PE.getCompilerVersion();
+        sOptions = PE.getGeneralOptionsEx(); // SpASM doesn't have a linker
+        bDetected = true;
+
+        // Correct version
+        if (PE.getMajorLinkerVersion() > 3) {
+            sVersion += "*";
+        }
+    }
+
+    _sLang = "ASMx" + (PE.is64() ? "64" : "86");
+
+    return result();
 }

db/PE/cryptor_AverCryptor.2.sg

@@ -1,21 +1,21 @@
-// Detect It Easy: detection rule file
-
-// https://web.archive.org/web/20071012084924/http://secnull.org/
-meta("cryptor", "AverCryptor");
-
-function detect() {
-    if (PE.compareEP("60E8000000005D81ED........8BBD........8B8D........B8")) {
-        bDetected = true;
-
-        switch (PE.readByte(PE.getEntryPointOffset() + 65)) {
-            case 0xFA: sVersion = "1.0"; break;
-            case 0xF7: sVersion = "1.02";
-        }
-
-        if (!PE.isSectionNamePresent(".avc")) {
-            sOptions = "modified";
-        }
-    }
-
-    return result();
+// Detect It Easy: detection rule file
+
+// https://web.archive.org/web/20071012084924/http://secnull.org/
+meta("cryptor", "AverCryptor");
+
+function detect() {
+    if (PE.compareEP("60E8000000005D81ED........8BBD........8B8D........B8")) {
+        bDetected = true;
+
+        switch (PE.readByte(PE.getEntryPointOffset() + 65)) {
+            case 0xFA: sVersion = "1.0"; break;
+            case 0xF7: sVersion = "1.02";
+        }
+
+        if (!PE.isSectionNamePresent(".avc")) {
+            sOptions = "modified";
+        }
+    }
+
+    return result();
 }

db/PE/installer_Astrum.1.sg

@@ -1,20 +1,20 @@
-// Detect It Easy: detection rule file
-// Author: hypn0 <hypn0@mail.ru>
-
-meta("installer", "Astrum");
-
-function detect() {
-    if (PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15")) {
-        if (PE.isOverlayPresent() != -1) {
-            for (var i = 0; i < PE.getNumberOfResources(); i++) {
-                if (PE.resource[i].Type == 77) {
-                    if (PE.findSignature(PE.resource[i].Offset, 0x140, "'AstrumInstallWizard'") != -1) {
-                        bDetected = true;
-                        break;
-                    }
-                }
-            }
-        }
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+
+meta("installer", "Astrum");
+
+function detect() {
+    if (PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15")) {
+        if (PE.isOverlayPresent() != -1) {
+            for (var i = 0; i < PE.getNumberOfResources(); i++) {
+                if (PE.resource[i].Type == 77) {
+                    if (PE.findSignature(PE.resource[i].Offset, 0x140, "'AstrumInstallWizard'") != -1) {
+                        bDetected = true;
+                        break;
+                    }
+                }
+            }
+        }
     }
 
     return result();

db/PE/installer_ClickTeam.1.sg

@@ -1,17 +1,17 @@
-// Detect It Easy: detection rule file
-// Author: hypn0 <hypn0@mail.ru>
-
-// https://www.clickteam.com/download-centre/install-creator
-meta("installer", "ClickTeam");
-
-function detect() {
-    if (PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15")) {
-        if (PE.compareOverlay("'wwgT)'")) {
-            bDetected = true;
-        } else if (PE.compareOverlay("..120100....0000")) {
-            bDetected = true;
-        }
-    }
-
-    return result();
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+
+// https://www.clickteam.com/download-centre/install-creator
+meta("installer", "ClickTeam");
+
+function detect() {
+    if (PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15")) {
+        if (PE.compareOverlay("'wwgT)'")) {
+            bDetected = true;
+        } else if (PE.compareOverlay("..120100....0000")) {
+            bDetected = true;
+        }
+    }
+
+    return result();
 }

db/PE/installer_Instalit.1.sg

@@ -1,21 +1,21 @@
-// Detect It Easy: detection rule file
-// Author: hypn0 <hypn0@mail.ru>
-
-meta("installer", "Instalit");
-
-function detect() {
-    if (PE.compareEP("64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15")) {
-        for (var i = 0; i < PE.resource.length && !bDetected; i++) {
-            if (PE.resource[i].Type == 854 || PE.resource[i].Type == 808 || PE.resource[i].Type == 884) { // DLLFILE or EXEFILE or CFGFILE
-                sVersion = "7.10.11, x32";
-                bDetected = true;
-            } else if (PE.resource[i].Type == 686 || PE.resource[i].Type == 640) { // CFGFILE or EXEFILE
-                sVersion = "6.59.09, x32";
-                bDetected = true;
-            }
-
-        }
-    }
-
-    return result();
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+
+meta("installer", "Instalit");
+
+function detect() {
+    if (PE.compareEP("64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15")) {
+        for (var i = 0; i < PE.resource.length && !bDetected; i++) {
+            if (PE.resource[i].Type == 854 || PE.resource[i].Type == 808 || PE.resource[i].Type == 884) { // DLLFILE or EXEFILE or CFGFILE
+                sVersion = "7.10.11, x32";
+                bDetected = true;
+            } else if (PE.resource[i].Type == 686 || PE.resource[i].Type == 640) { // CFGFILE or EXEFILE
+                sVersion = "6.59.09, x32";
+                bDetected = true;
+            }
+
+        }
+    }
+
+    return result();
 }

db/PE/installer_STATICSUP.1.sg

@@ -1,13 +1,13 @@
-// Detect It Easy: detection rule file
-// Author: hypn0 <hypn0@mail.ru>
-
-meta("installer", "STATICSUP");
-
-function detect() {
-    if (PE.compareEP("64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15")) {
-        if (PE.compareOverlay("67155234ff4d3642")) {
-            bDetected = true;
-        }
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+
+meta("installer", "STATICSUP");
+
+function detect() {
+    if (PE.compareEP("64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15")) {
+        if (PE.compareOverlay("67155234ff4d3642")) {
+            bDetected = true;
+        }
     }
 
     return result();

db/PE/joiner_inPEct.1.sg

@@ -1,12 +1,12 @@
-// Detect It Easy: detection rule file
-
-meta("joiner", "inPEct");
-
-function detect() {
-    if (PE.compareEP("E8000000005D5583C5208BF58BFEB9......00BA........AD8BD833C2C1C20703D3ABE2F3")) {
-        sVersion = "1.1";
-        bDetected = true;
-    }
-
-    return result();
+// Detect It Easy: detection rule file
+
+meta("joiner", "inPEct");
+
+function detect() {
+    if (PE.compareEP("E8000000005D5583C5208BF58BFEB9......00BA........AD8BD833C2C1C20703D3ABE2F3")) {
+        sVersion = "1.1";
+        bDetected = true;
+    }
+
+    return result();
 }

db/PE/packer_ASDPack.2.sg

@@ -1,19 +1,19 @@
-// Detect It Easy: detection rule file
-
-meta("packer", "ASDPack");
-
-function detect() {
-    if (PE.compareEP("8B442404565753E8CD010000C30000000000000000000000000010000000")) {
-        sVersion = "2.0";
-        bDetected = true;
-    } else if (
-        PE.getNumberOfImports() === 1 &&
-        PE.getNumberOfSections() === 3 &&
-        PE.getImportLibraryName(0) === "Kernel32.dll" &&
-        PE.isImportPositionHashPresent(0, 0x3651f68d) // GetModuleHandleA
-    ) {
-        bDetected = true;
-    }
-
-    return result();
+// Detect It Easy: detection rule file
+
+meta("packer", "ASDPack");
+
+function detect() {
+    if (PE.compareEP("8B442404565753E8CD010000C30000000000000000000000000010000000")) {
+        sVersion = "2.0";
+        bDetected = true;
+    } else if (
+        PE.getNumberOfImports() === 1 &&
+        PE.getNumberOfSections() === 3 &&
+        PE.getImportLibraryName(0) === "Kernel32.dll" &&
+        PE.isImportPositionHashPresent(0, 0x3651f68d) // GetModuleHandleA
+    ) {
+        bDetected = true;
+    }
+
+    return result();
 }

db/PE/packer_ASPack.2.sg

@@ -1,96 +1,96 @@
-// Detect It Easy: detection rule file
-
-// http://www.aspack.com/
-meta("packer", "ASPack");
-
-function getASPackVersion(nOffset) {
-    if (PE.compare("60E8000000005D81ED........B8........03C5", nOffset)) {
-        sVersion = "1.00b-1.07b";
-    } else if (PE.compare("60EB..5DEB..FF..........E9", nOffset)) {
-        sVersion = "1.08.00-1.08.02";
-    } else if (PE.compare("60E8000000005D............BB........03DD", nOffset)) {
-        sVersion = "1.08.03";
-    } else if (PE.compare("60E8000000005D81ed........BB........01eb", nOffset)) {
-        sVersion = "1.08.X";
-        sOptions = "possibly";
-    } else if (PE.compare("60E841060000EB41", nOffset)) {
-        sVersion = "1.08.04";
-    } else if (PE.compare("60EB..5DFFE5E8........81ED........BB........03DD2B9D", nOffset)) {
-        sVersion = "1.08.X";
-    } else if (PE.compare("60E870050000EB4C", nOffset)) {
-        sVersion = "2.000";
-    } else if (PE.compare("60E872050000EB4C", nOffset)) {
-        sVersion = "2.001";
-    } else if (PE.compare("60E872050000EB3387DB9000", nOffset)) {
-        sVersion = "2.1";
-    } else if (PE.compare("60E93D040000", nOffset)) {
-        sVersion = "2.11";
-    } else if (PE.compare("60E802000000EB095D5581ED39394400C3E93D040000", nOffset)) {
-        sVersion = "2.11b";
-    } else if (PE.compare("60E802000000EB095D5581ED39394400C3E959040000", nOffset)) {
-        sVersion = "2.11c-2.11d";
-    } else if (PE.compare("60E802000000EB095D55", nOffset)) {
-        sVersion = "2.11d";
-    } else if (PE.compare("60E803000000E9EB045D4555C3E801", nOffset)) {
-        sVersion = "2.12-2.42";
-    } else if (PE.compare("9060E8$$$$$$$$5D4555C3", nOffset)) {
-        sVersion = "2.12b";
-    } else if (PE.compare("60e8$$$$$$$$8b2c2481ed........c3", nOffset)) {
-        sVersion = "2.1X-2.39";
-    } else if (PE.compare("9060e8$$$$$$$$8b2c2481ed........c3", nOffset)) {
-        sVersion = "2.1X-2.39";
-    } else {
-        return false;
-    }
-
-    return true;
-}
-
-function detect() {
-    var nOffset = PE.getEntryPointOffset();
-    if (nOffset != -1) {
-        if (!getASPackVersion(nOffset)) {
-            if (PE.compareEP("7500E9")) {
-                nOffset += 3;
-                bDetected = true;
-            } else if (PE.compareEP("907500E9")) {
-                nOffset += 4;
-                bDetected = true;
-            } else if (PE.compareEP("90907500E9")) {
-                nOffset += 5;
-                bDetected = true;
-            } else if (PE.compareEP("90750190E9")) {
-                nOffset += 5;
-                bDetected = true;
-            } else if (PE.compareEP("907501FFE9")) {
-                nOffset += 5;
-                bDetected = true;
-            } else if (PE.compareEP("9090907500E9")) {
-                nOffset += 6;
-                bDetected = true;
-            } else if (PE.compareEP("9090750190E9")) {
-                nOffset += 6;
-                bDetected = true;
-            } else if (PE.compareEP("909090750190E9")) {
-                nOffset += 7;
-                bDetected = true;
-            }
-            if (bDetected) {
-                // Can't simply adjust the offset, as the destination may be in a different section.
-                nOffset = PE.RVAToOffset(PE.OffsetToRVA(nOffset) + 4 + ~~PE.readDword(nOffset));
-                bDetected = getASPackVersion(nOffset);
-            }
-        } else {
-            bDetected = true;
-        }
-    }
-
-    if (!bDetected) {
-        if (PE.section[".aspack"] && PE.section[".adata"]) {
-            sVersion = "2.12-2.XX";
-            bDetected = true;
-        }
-    }
-
-    return result();
+// Detect It Easy: detection rule file
+
+// http://www.aspack.com/
+meta("packer", "ASPack");
+
+function getASPackVersion(nOffset) {
+    if (PE.compare("60E8000000005D81ED........B8........03C5", nOffset)) {
+        sVersion = "1.00b-1.07b";
+    } else if (PE.compare("60EB..5DEB..FF..........E9", nOffset)) {
+        sVersion = "1.08.00-1.08.02";
+    } else if (PE.compare("60E8000000005D............BB........03DD", nOffset)) {
+        sVersion = "1.08.03";
+    } else if (PE.compare("60E8000000005D81ed........BB........01eb", nOffset)) {
+        sVersion = "1.08.X";
+        sOptions = "possibly";
+    } else if (PE.compare("60E841060000EB41", nOffset)) {
+        sVersion = "1.08.04";
+    } else if (PE.compare("60EB..5DFFE5E8........81ED........BB........03DD2B9D", nOffset)) {
+        sVersion = "1.08.X";
+    } else if (PE.compare("60E870050000EB4C", nOffset)) {
+        sVersion = "2.000";
+    } else if (PE.compare("60E872050000EB4C", nOffset)) {
+        sVersion = "2.001";
+    } else if (PE.compare("60E872050000EB3387DB9000", nOffset)) {
+        sVersion = "2.1";
+    } else if (PE.compare("60E93D040000", nOffset)) {
+        sVersion = "2.11";
+    } else if (PE.compare("60E802000000EB095D5581ED39394400C3E93D040000", nOffset)) {
+        sVersion = "2.11b";
+    } else if (PE.compare("60E802000000EB095D5581ED39394400C3E959040000", nOffset)) {
+        sVersion = "2.11c-2.11d";
+    } else if (PE.compare("60E802000000EB095D55", nOffset)) {
+        sVersion = "2.11d";
+    } else if (PE.compare("60E803000000E9EB045D4555C3E801", nOffset)) {
+        sVersion = "2.12-2.42";
+    } else if (PE.compare("9060E8$$$$$$$$5D4555C3", nOffset)) {
+        sVersion = "2.12b";
+    } else if (PE.compare("60e8$$$$$$$$8b2c2481ed........c3", nOffset)) {
+        sVersion = "2.1X-2.39";
+    } else if (PE.compare("9060e8$$$$$$$$8b2c2481ed........c3", nOffset)) {
+        sVersion = "2.1X-2.39";
+    } else {
+        return false;
+    }
+
+    return true;
+}
+
+function detect() {
+    var nOffset = PE.getEntryPointOffset();
+    if (nOffset != -1) {
+        if (!getASPackVersion(nOffset)) {
+            if (PE.compareEP("7500E9")) {
+                nOffset += 3;
+                bDetected = true;
+            } else if (PE.compareEP("907500E9")) {
+                nOffset += 4;
+                bDetected = true;
+            } else if (PE.compareEP("90907500E9")) {
+                nOffset += 5;
+                bDetected = true;
+            } else if (PE.compareEP("90750190E9")) {
+                nOffset += 5;
+                bDetected = true;
+            } else if (PE.compareEP("907501FFE9")) {
+                nOffset += 5;
+                bDetected = true;
+            } else if (PE.compareEP("9090907500E9")) {
+                nOffset += 6;
+                bDetected = true;
+            } else if (PE.compareEP("9090750190E9")) {
+                nOffset += 6;
+                bDetected = true;
+            } else if (PE.compareEP("909090750190E9")) {
+                nOffset += 7;
+                bDetected = true;
+            }
+            if (bDetected) {
+                // Can't simply adjust the offset, as the destination may be in a different section.
+                nOffset = PE.RVAToOffset(PE.OffsetToRVA(nOffset) + 4 + ~~PE.readDword(nOffset));
+                bDetected = getASPackVersion(nOffset);
+            }
+        } else {
+            bDetected = true;
+        }
+    }
+
+    if (!bDetected) {
+        if (PE.section[".aspack"] && PE.section[".adata"]) {
+            sVersion = "2.12-2.XX";
+            bDetected = true;
+        }
+    }
+
+    return result();
 }

db/PE/packer_CExe.2.sg

@@ -1,12 +1,12 @@
-// Detect It Easy: detection rule file
-
-// https://compression.ru/arctest/self/cexe.htm
-meta("packer", "CExe");
-
-function detect() {
-    if (PE.compareEP("558BEC81EC0C02....56BE........8D85F8FEFFFF56506A..FF15........8A8DF8FEFFFF33D284C98D85F8FEFFFF7416")) {
-        sVersion = "1.0a";
-        bDetected = true;
+// Detect It Easy: detection rule file
+
+// https://compression.ru/arctest/self/cexe.htm
+meta("packer", "CExe");
+
+function detect() {
+    if (PE.compareEP("558BEC81EC0C02....56BE........8D85F8FEFFFF56506A..FF15........8A8DF8FEFFFF33D284C98D85F8FEFFFF7416")) {
+        sVersion = "1.0a";
+        bDetected = true;
     }
 
     return result();

db/PE/packer_CICompress.2.sg

@@ -1,11 +1,11 @@
-// Detect It Easy: detection rule file
-
-meta("packer", "CICompress");
-
-function detect() {
-    if (PE.compareEP("6A046800100000FF35........6A00FF15........A3........97BE........E8710000003B05")) {
-        sVersion = "1.0";
-        bDetected = true;
+// Detect It Easy: detection rule file
+
+meta("packer", "CICompress");
+
+function detect() {
+    if (PE.compareEP("6A046800100000FF35........6A00FF15........A3........97BE........E8710000003B05")) {
+        sVersion = "1.0";
+        bDetected = true;
     }
 
     return result();

db/PE/protection_Softlocx.1.sg

@@ -1,12 +1,12 @@
-// Detect It Easy: detection rule file
-// Author: hypn0 <hypn0@mail.ru>
-
-meta("protection", "Softlocx");
-
-function detect() {
-    if (PE.compareEP("eb$$55e8000000005d81ed........8bc555609c2b85........8985........ff74")) {
-        sVersion = "6.0";
-        bDetected = true;
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+
+meta("protection", "Softlocx");
+
+function detect() {
+    if (PE.compareEP("eb$$55e8000000005d81ed........8bc555609c2b85........8985........ff74")) {
+        sVersion = "6.0";
+        bDetected = true;
     }
 
     return result();

db/PE/protector_ASProtect.2.sg

@@ -1,45 +1,45 @@
-// Detect It Easy: detection rule file
-
-meta("protector", "ASProtect");
-
-function detect() {
-    if (PE.compareEP("6801......E801000000C3C3")) {
-        sVersion = "1.23-2.56";
-    } else if (PE.compareEP("68########9060e8$$$$$$$$5d4555c3")) {
-        sVersion = "SKE 2.1-2.2";
-    } else if (PE.compareEP("68########60e8$$$$$$$$5d4555c3")) {
-        sVersion = "SKE 2.3-2.5";
-    } else if (PE.compareEP("60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00......807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D453550E9820000000000000000000000000000000000")) {
-        sVersion = "SKE 2.1/2.2";
-    } else if (PE.compareEP("9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00......807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D453550E98200000000000000000000000000000000")) {
-        sVersion = "SKE 2.1/2.2";
-    } else if (PE.compareEP("9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00......807D4D01750C8B74242883FE01895D4E75318D45535053FFB5E50B00008D453550E98200000000000000000000000000000000")) {
-        sVersion = "SKE 2.3";
-    } else if (PE.compareEP("9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00....00807D4D01750C8B74242883FE01895D4E75318D45535053FFB5DD0900008D453550E98200000000000000000000000000000000")) {
-        bDetected = true;
-    } else if (PE.compareEP("60E801000000905D81ED........BB........03DD2B9D")) {
-        sVersion = "1.0";
-    } else if (PE.compareEP("60E9..05")) {
-        sVersion = "1.1 BRS";
-    } else if (PE.compareEP("60E9........9178797979E9")) {
-        sVersion = "1.1 MTE";
-    } else if (PE.compareEP("9060E9..04")) {
-        sVersion = "1.1 MTEb";
-    } else if (PE.compareEP("9060E81B......E9FC")) {
-        sVersion = "MTEc";
-    } else if (PE.compareEP("60E9..04....E9..............EE")) {
-        sVersion = "1.1";
-    } else if (PE.compareEP("60E9$$$$$$$$81da........e8$$$$$$$$0fbffe0fbffd")) {
-        sVersion = "1.1";
-    } else if (PE.compareEP("6801......C3")) {
-        sVersion = "1.2";
-    } else if (PE.compareEP("9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB........807D4D01750C8B74242883FE01895D4E75318D45535053FFB5D50900008D453550E98200000000000000000000000000000000")) {
-        sVersion = "1.23 RC4 build 08.07";
-    } else if (PE.compareEP("60E8........E9........05........B9........AD35........AB4975F6EB045D4555C3")) {
-        sVersion = "1.1";
-    }
-
-    bDetected = bDetected || Boolean(sVersion);
-
-    return result();
+// Detect It Easy: detection rule file
+
+meta("protector", "ASProtect");
+
+function detect() {
+    if (PE.compareEP("6801......E801000000C3C3")) {
+        sVersion = "1.23-2.56";
+    } else if (PE.compareEP("68########9060e8$$$$$$$$5d4555c3")) {
+        sVersion = "SKE 2.1-2.2";
+    } else if (PE.compareEP("68########60e8$$$$$$$$5d4555c3")) {
+        sVersion = "SKE 2.3-2.5";
+    } else if (PE.compareEP("60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00......807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D453550E9820000000000000000000000000000000000")) {
+        sVersion = "SKE 2.1/2.2";
+    } else if (PE.compareEP("9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00......807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D453550E98200000000000000000000000000000000")) {
+        sVersion = "SKE 2.1/2.2";
+    } else if (PE.compareEP("9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00......807D4D01750C8B74242883FE01895D4E75318D45535053FFB5E50B00008D453550E98200000000000000000000000000000000")) {
+        sVersion = "SKE 2.3";
+    } else if (PE.compareEP("9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00....00807D4D01750C8B74242883FE01895D4E75318D45535053FFB5DD0900008D453550E98200000000000000000000000000000000")) {
+        bDetected = true;
+    } else if (PE.compareEP("60E801000000905D81ED........BB........03DD2B9D")) {
+        sVersion = "1.0";
+    } else if (PE.compareEP("60E9..05")) {
+        sVersion = "1.1 BRS";
+    } else if (PE.compareEP("60E9........9178797979E9")) {
+        sVersion = "1.1 MTE";
+    } else if (PE.compareEP("9060E9..04")) {
+        sVersion = "1.1 MTEb";
+    } else if (PE.compareEP("9060E81B......E9FC")) {
+        sVersion = "MTEc";
+    } else if (PE.compareEP("60E9..04....E9..............EE")) {
+        sVersion = "1.1";
+    } else if (PE.compareEP("60E9$$$$$$$$81da........e8$$$$$$$$0fbffe0fbffd")) {
+        sVersion = "1.1";
+    } else if (PE.compareEP("6801......C3")) {
+        sVersion = "1.2";
+    } else if (PE.compareEP("9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB........807D4D01750C8B74242883FE01895D4E75318D45535053FFB5D50900008D453550E98200000000000000000000000000000000")) {
+        sVersion = "1.23 RC4 build 08.07";
+    } else if (PE.compareEP("60E8........E9........05........B9........AD35........AB4975F6EB045D4555C3")) {
+        sVersion = "1.1";
+    }
+
+    bDetected = bDetected || Boolean(sVersion);
+
+    return result();
 }

db/PE/protector_Armadillo.2.sg

@@ -1,47 +1,47 @@
-// Detect It Easy: detection rule file
-
-meta("protector", "Armadillo");
-
-function detect() {
-    if (PE.compareEP("60E8000000005D50510FCAF7D29CF7D20FCAEB0FB9EB0FB8EB07B9EB0F90EB08FDEB0BF2EBF5EBF6F2EB08FDEBE9F3EBE4FCE99D0FC98BCAF7D1595850510FCAF7D29CF7D20FCAEB0FB9EB0FB8EB07B9EB0F90EB08")) {
-        sVersion = "3.X-9.X";
-        bDetected = true;
-    } else if (PE.compareEP("558BEC83EC0C5356578B450850FF15........83C4048945FC8B45FC51B900080000B906000000")) {
-        sVersion = "4.44a public build";
-        bDetected = true;
-    } else if (PE.compareEP("E8E3400000E916FEFFFF6A0C68........E8441500008B4D0833FF3BCF762E6AE05833D2F7F13B")) {
-        sVersion = "5.00";
-        bDetected = true;
-    } else if (PE.compareEP("837C2408017505E8DE4B0000FF7424048B4C24108B54240CE8EDFEFFFF59C20C006A0C68")) {
-        sVersion = "5.00";
-        sOptions = "DLL";
-        bDetected = true;
-    } else if (PE.compareEP("6A..8BB5........C1E6048B85........2507....8079054883C8F84033C98A88........8B95........81E207....8079054A83CAF84233C08A82")) {
-        sVersion = "2.XX";
-        sOptions = "CopyMem II";
-        bDetected = true;
-    } else if (PE.compareEP("60E8........5D5051EB0FB9EB0FB8EB07B9EB0F90EB08FDEB0BF2EBF5EBF6F2EB08FDEBE9F3EBE4FCE959586033C9")) {
-        sVersion = "3.00";
-        bDetected = true;
-    } else if (PE.compareEP("60E8........5D5051EB0FB9EB0FB8EB07B9EB0F90EB08FDEB0BF2EBF5EBF6F2EB08FDEBE9F3EBE4FCE959585051EB")) {
-        sVersion = "3.00a-3.70a";
-        bDetected = true;
-    } else {
-        if (PE.getMajorLinkerVersion() == 0x53 && PE.getMinorLinkerVersion() == 0x52) {
-            for (var i = 0; i <= PE.nLastSection; i++) {
-                if (PE.compare("'PDATA000'", PE.section[i].FileOffset)) {
-                    sVersion = "6.X-9.X";
-                    break;
-                }
-            }
-            if (!sVersion) {
-                if (PE.section.length > 7) {
-                    sVersion = "6.X-9.X";
-                }
-            }
-            bDetected = true;
-        }
-    }
-
-    return result();
+// Detect It Easy: detection rule file
+
+meta("protector", "Armadillo");
+
+function detect() {
+    if (PE.compareEP("60E8000000005D50510FCAF7D29CF7D20FCAEB0FB9EB0FB8EB07B9EB0F90EB08FDEB0BF2EBF5EBF6F2EB08FDEBE9F3EBE4FCE99D0FC98BCAF7D1595850510FCAF7D29CF7D20FCAEB0FB9EB0FB8EB07B9EB0F90EB08")) {
+        sVersion = "3.X-9.X";
+        bDetected = true;
+    } else if (PE.compareEP("558BEC83EC0C5356578B450850FF15........83C4048945FC8B45FC51B900080000B906000000")) {
+        sVersion = "4.44a public build";
+        bDetected = true;
+    } else if (PE.compareEP("E8E3400000E916FEFFFF6A0C68........E8441500008B4D0833FF3BCF762E6AE05833D2F7F13B")) {
+        sVersion = "5.00";
+        bDetected = true;
+    } else if (PE.compareEP("837C2408017505E8DE4B0000FF7424048B4C24108B54240CE8EDFEFFFF59C20C006A0C68")) {
+        sVersion = "5.00";
+        sOptions = "DLL";
+        bDetected = true;
+    } else if (PE.compareEP("6A..8BB5........C1E6048B85........2507....8079054883C8F84033C98A88........8B95........81E207....8079054A83CAF84233C08A82")) {
+        sVersion = "2.XX";
+        sOptions = "CopyMem II";
+        bDetected = true;
+    } else if (PE.compareEP("60E8........5D5051EB0FB9EB0FB8EB07B9EB0F90EB08FDEB0BF2EBF5EBF6F2EB08FDEBE9F3EBE4FCE959586033C9")) {
+        sVersion = "3.00";
+        bDetected = true;
+    } else if (PE.compareEP("60E8........5D5051EB0FB9EB0FB8EB07B9EB0F90EB08FDEB0BF2EBF5EBF6F2EB08FDEBE9F3EBE4FCE959585051EB")) {
+        sVersion = "3.00a-3.70a";
+        bDetected = true;
+    } else {
+        if (PE.getMajorLinkerVersion() == 0x53 && PE.getMinorLinkerVersion() == 0x52) {
+            for (var i = 0; i <= PE.nLastSection; i++) {
+                if (PE.compare("'PDATA000'", PE.section[i].FileOffset)) {
+                    sVersion = "6.X-9.X";
+                    break;
+                }
+            }
+            if (!sVersion) {
+                if (PE.section.length > 7) {
+                    sVersion = "6.X-9.X";
+                }
+            }
+            bDetected = true;
+        }
+    }
+
+    return result();
 }

db/PE/protector_Berio.2.sg

@@ -1,14 +1,14 @@
-// Detect It Easy: detection rule file
-
-meta("protector", "Berio");
-
-function detect() {
-    if (PE.compareEP("909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090E9011200")) {
-        sVersion = "1.00 beta";
-        bDetected = true;
-    } else if (PE.compareEP("909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090E9017401")) {
-        sVersion = "2.00 beta";
-        bDetected = true;
+// Detect It Easy: detection rule file
+
+meta("protector", "Berio");
+
+function detect() {
+    if (PE.compareEP("909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090E9011200")) {
+        sVersion = "1.00 beta";
+        bDetected = true;
+    } else if (PE.compareEP("909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090E9017401")) {
+        sVersion = "2.00 beta";
+        bDetected = true;
     }
 
     return result();

db/PE/protector_ILUCRYPT.2.sg

@@ -1,14 +1,14 @@
-// Detect It Easy: detection rule file
-
-meta("protector", "ILUCRYPT");
-
-function detect() {
-    if (PE.compareEP("8BECFAC746F7....4281FA....75F9FF66F7")) {
-        sVersion = "4.015";
-        bDetected = true;
-    } else if (PE.compareEP("8BECFAC7........4C4CC3FBBF....B8....2E....D1C84F81")) {
-        sVersion = "4.018";
-        bDetected = true;
+// Detect It Easy: detection rule file
+
+meta("protector", "ILUCRYPT");
+
+function detect() {
+    if (PE.compareEP("8BECFAC746F7....4281FA....75F9FF66F7")) {
+        sVersion = "4.015";
+        bDetected = true;
+    } else if (PE.compareEP("8BECFAC7........4C4CC3FBBF....B8....2E....D1C84F81")) {
+        sVersion = "4.018";
+        bDetected = true;
     }
 
     return result();

db/PE/protector_beria.2.sg

@@ -1,12 +1,12 @@
-// Detect It Easy: detection rule file
-
-meta("protector", "Beria");
-
-function detect() {
-    if (PE.compareEP("83EC18538B1D0030....555657683007000033ED55FFD38BF03BF5740D89AE20070000E8880F0000EB0233F66A105589353040....FFD38BF03BF57409892EE83CFEFFFFEB0233F66A18558935D843....FFD38BF0")) {
-        sVersion = "0.07";
-        bDetected = true;
-    }
-
-    return result();
+// Detect It Easy: detection rule file
+
+meta("protector", "Beria");
+
+function detect() {
+    if (PE.compareEP("83EC18538B1D0030....555657683007000033ED55FFD38BF03BF5740D89AE20070000E8880F0000EB0233F66A105589353040....FFD38BF03BF57409892EE83CFEFFFFEB0233F66A18558935D843....FFD38BF0")) {
+        sVersion = "0.07";
+        bDetected = true;
+    }
+
+    return result();
 }

db/PE/sfx_ARQ.1.sg

@@ -1,15 +1,15 @@
-// Detect It Easy: detection rule file
-// Author: hypn0 <hypn0@mail.ru>
-
-meta("sfx", "ARQ");
-
-function detect() {
-    if (PE.compareOverlay("67570402")) {
-        if (PE.compareEP("558bec6a..68........68........64a1........50648925........83....5356578965..ff15")) {
-            bDetected = true;
-        } else if (PE.compareEP("64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15")) {
-            bDetected = true;
-        }
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+
+meta("sfx", "ARQ");
+
+function detect() {
+    if (PE.compareOverlay("67570402")) {
+        if (PE.compareEP("558bec6a..68........68........64a1........50648925........83....5356578965..ff15")) {
+            bDetected = true;
+        } else if (PE.compareEP("64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15")) {
+            bDetected = true;
+        }
     }
 
     return result();

db/PE/sfx_INFTool.1.sg

@@ -1,14 +1,14 @@
-// Detect It Easy: detection rule file
-// Author: hypn0 <hypn0@mail.ru>
-
-meta("sfx", "INFTool");
-
-function detect() {
-    if (PE.compareEP("558bec83c4..e8$$$$$$$$e8........6a..e8........8905........e8........8905........c705")) {
-        if (PE.findString(0, PE.getOverlayOffset(), "INFTool.pkg") !== -1) {
-            bDetected = true;
-        }
-    }
-
-    return result();
+// Detect It Easy: detection rule file
+// Author: hypn0 <hypn0@mail.ru>
+
+meta("sfx", "INFTool");
+
+function detect() {
+    if (PE.compareEP("558bec83c4..e8$$$$$$$$e8........6a..e8........8905........e8........8905........c705")) {
+        if (PE.findString(0, PE.getOverlayOffset(), "INFTool.pkg") !== -1) {
+            bDetected = true;
+        }
+    }
+
+    return result();
 }