mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

dbs_min update

Browse source
This commit is contained in:
DosX 2026-01-09 19:27:33 +03:00
commit efda60c066
19 changed files with 70 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

2
dbs_min/db/Binary/__MiniExtensionsHeuristic_By_DosX.7.sg
View file

File diff suppressed because one or more lines are too long

10
dbs_min/db/Binary/__MiniJavaScriptHeuristic_By_DosX.7.sg
View file

@ -1,5 +1,5 @@
function detect(){main()}function main(){if(Binary.isHeuristicScan())switch(Binary.getFileSuffix().toLowerCase()){case"js":case"jse":case"jsc":case"sg":var e=String()
if(Binary.isPlainText()){if(3e3<Binary.getSize()){for(var i=Binary.getString(0,Binary.getSize()),t=[],a=String(),n=!1,r=String(),s=!1,g=0;g<i.length;g++){var l=i[g]
function detect(){main()}function main(){if(Binary.isHeuristicScan())switch(Binary.getFileSuffix().toLowerCase()){case"js":case"jse":case"jsc":case"sg":var e=""
if(Binary.isPlainText()){if(3e3<Binary.getSize()){for(var i=Binary.getString(0,Binary.getSize()),t=[],a="",n=!1,r="",s=!1,g=0;g<i.length;g++){var l=i[g]
if(n)if(s)s=!1
else if("\\"===l)s=!0
else if("`"===r&&"$"===l&&g+1<i.length&&"{"===i[g+1]){g++
@ -7,9 +7,9 @@ for(var f=1;g+1<i.length&&0<f;){var c=i[++g]
if("\\"===c)a+=c,g+1<i.length&&(a+=i[++g])
else{if("{"===c)f++
else if("}"===c&&0===--f)break
a+=c}}}else l===r&&(n=!1,r=String())
else'"'===l||"'"===l||"`"===l?(0<a.length&&(t.push(a),a=String()),n=!0,r=l):a+=l}0<a.length&&t.push(a)
a+=c}}}else l===r&&(n=!1,r="")
else'"'===l||"'"===l||"`"===l?(0<a.length&&(t.push(a),a=""),n=!0,r=l):a+=l}0<a.length&&t.push(a)
for(var S=0;S<t.length;S++){var o=t[S]
if(!/( |\t)/.test(o)&&(/(((var|let|const)[\t ]|\())\b[a-zA-Z](?:,[a-zA-Z]){3,}\b/.test(o)||/[a-zA-Z][!=]?=?=![01][;,})]/.test(o))){e="minified/compiled"
break}}}}else e="bytecode"
_setResult("~language","JavaScript",String(),Binary.isVerbose()?e:String())}}
_setResult("~language","JavaScript","",Binary.isVerbose()?e:"")}}

2
dbs_min/db/Binary/bin.TOT.1.sg
View file

@ -1,2 +1,2 @@
function detect(){var r
return Binary.compare("?? ** 00'")&&Binary.isSignaturePresent(0,32,"00 00 '(c)'")&&(bDetected=1,-1!==(r=Binary.findSignature(0,64,"'Version ' %% 2E %%"))&&(sVersion=Binary.getString(r+8,4)),-1!==(r=Binary.findSignature(0,64,"'19' %% %%")))&&(sVersion+=(sVersion?", ":String())+Binary.getString(r,4)),result()}meta("format","TOT")
return Binary.compare("?? ** 00'")&&Binary.isSignaturePresent(0,32,"00 00 '(c)'")&&(bDetected=1,-1!==(r=Binary.findSignature(0,64,"'Version ' %% 2E %%"))&&(sVersion=Binary.getString(r+8,4)),-1!==(r=Binary.findSignature(0,64,"'19' %% %%")))&&(sVersion+=(sVersion?", ":"")+Binary.getString(r,4)),result()}meta("format","TOT")

2
dbs_min/db/Binary/javascript-obfuscator.2.sg
View file

@ -1,2 +1,2 @@
function detect(){return isSignatureInBeginAndEndPresent("'function'")&&(isSignatureInBeginAndEndPresent("'var '")||isSignatureInBeginAndEndPresent("'const '")||isSignatureInBeginAndEndPresent("')();'"))&&(isSignatureInBeginAndEndPresent("'_0x'")&&(isSignatureInBeginAndEndPresent("'_0x' .. .. .. .. '('")||isSignatureInBeginAndEndPresent("'_0x' .. .. .. .. .. '('")||isSignatureInBeginAndEndPresent("'_0x' .. .. .. .. .. .. '('"))&&(bDetected=1),isSignatureInBeginAndEndPresent("'parseInt(' .. '('")&&(sOptions="mangled",bDetected=1),isSignatureInBeginAndEndPresent("'=[\"'")&&isSignatureInBeginAndEndPresent("'\",\"'")||isSignatureInBeginAndEndPresent("'=[' 27")&&isSignatureInBeginAndEndPresent("27 ',' 27"))&&(sOptions+=(0!==sOptions.length?" + ":String())+"strings array"),result()}function isSignatureInBeginAndEndPresent(n){var e=10240
function detect(){return isSignatureInBeginAndEndPresent("'function'")&&(isSignatureInBeginAndEndPresent("'var '")||isSignatureInBeginAndEndPresent("'const '")||isSignatureInBeginAndEndPresent("')();'"))&&(isSignatureInBeginAndEndPresent("'_0x'")&&(isSignatureInBeginAndEndPresent("'_0x' .. .. .. .. '('")||isSignatureInBeginAndEndPresent("'_0x' .. .. .. .. .. '('")||isSignatureInBeginAndEndPresent("'_0x' .. .. .. .. .. .. '('"))&&(bDetected=1),isSignatureInBeginAndEndPresent("'parseInt(' .. '('")&&(sOptions="mangled",bDetected=1),isSignatureInBeginAndEndPresent("'=[\"'")&&isSignatureInBeginAndEndPresent("'\",\"'")||isSignatureInBeginAndEndPresent("'=[' 27")&&isSignatureInBeginAndEndPresent("27 ',' 27"))&&(sOptions+=(0!==sOptions.length?" + ":"")+"strings array"),result()}function isSignatureInBeginAndEndPresent(n){var e=10240
if(e>Binary.getSize()&&(e=Binary.getSize()),Binary.isSignaturePresent(0,e,n)||e!=Binary.getSize())return Binary.isSignaturePresent(Binary.getSize()-e,e,n)}meta("protector","javascript-obfuscator")

2
dbs_min/db/DEX/AllatoriObfuscator.2.sg
View file

@ -1 +1 @@
function detect(){return bDetected=DEX.isDexStringPresent("ALLATORIxDEMO"),sVersion=bDetected?"Demo":String(),result()}meta("protector","Allatori")
function detect(){return bDetected=DEX.isDexStringPresent("ALLATORIxDEMO"),sVersion=bDetected?"Demo":"",result()}meta("protector","Allatori")

2
dbs_min/db/ELF/DMD.4.sg
View file

@ -1,4 +1,4 @@
function getVersion(){var e=ELF.getSectionNumber(".comment")
if(-1!=e){e=ELF.findString(ELF.getSectionFileOffset(e),ELF.getSectionFileSize(e),"DMD v")
if(-1!=e)return ELF.getString(e+5,20)}return String()}function detect(){var e=getVersion()
if(-1!=e)return ELF.getString(e+5,20)}return ""}function detect(){var e=getVersion()
return e&&(bDetected=1,sVersion=e),sLang="D",result()}meta("compiler","DMD")

2
dbs_min/db/ELF/gcc.4.sg
View file

@ -1,4 +1,4 @@
function getVersion(e,c){e=ELF.findString(e,c,"GCC:")
return-1!=e?ELF.getString(e+5,100):String()}function detect(){ELF.compareEP("31ed5e89e183e4..50545268........68........515668........e8")?ELF.compareEP("$$$$$$$$57565383ec..8b7424..8b7c24..8b5c24..b8........85c00f84........8b0d........85c90f94c025........a3........8b5424..8b4c24..8d44....a3........8b5424..8915........90",29)?(sVersion="4.7.2, exe",bDetected=1):ELF.compareEP("$$$$$$$$55b8........57565383ec..85c08b7c24..8bb424........8b9c24........0f84........8b15........31c085d20f94c08b5424..8b4c24..a3........8d44....8b9424........a3........8915........6690",29)?(sVersion="4.6.1, exe",bDetected=1):ELF.compareEP("$$$$$$$$5589e557565383ec..8b7d..8b75..8b5d..b8........85c00f84........a1........85c00f94c025........a3",29)?(sVersion="4.5.3, exe",bDetected=1):ELF.compareEP("$$$$$$$$55b8........89e557565383ec..85c08b7d..8b75..8b5d..74..31c0833d..........0f94c0",29)?(sVersion="4.4.6, exe",bDetected=1):ELF.compareEP("$$$$$$$$55b8........89e557565383ec..85c08b7d..8b5d..74..31c08b15........85d20f94c0",29)?(sVersion="4.4.5, exe",bDetected=1):ELF.compareEP("$$$$$$$$55b8........89e557565383ec..85c08b....8b5d..74..31c0833d..........0f94c0",29)?(sVersion="4.3.3, exe",bDetected=1):ELF.compareEP("$$$$$$$$55ba........89e557565381ec........85d20f85........8b45..8b4d..8915........8d54",29)&&(sVersion="4.1.2, exe",bDetected=1):ELF.compareEP("31ed5589e583e4..8d45..83ec..50ff75..52e8$$$$$$$$5589e557565383ec..8b5d..8b7d..8d74....8935........85db7e..8b0785c074..a3........0fb610")?(sVersion="4.4.7, exe",bDetected=1):ELF.compareEP("5589e5565383ec..83e4..8b5d..89d18d74....85db8935........7e..8b45..85c074..a3........0fb610")?(sVersion="4.2.1, exe",bDetected=1):ELF.compareEP("55575653e8........81c3........83ec..8b93........8b8b........8b83........8b2a8b93........890c24895424..8b93........895424..eb")?(sVersion="4.7.2, so",bDetected=1):ELF.compareEP("5589e557565383ec..83e4..8b5d..89d78d74....85db8935........7e..8b45..85c074..a3........89c10fb601")?(sVersion="3.4.6, exe",bDetected=1):ELF.compareEP("5589e557565383ec..89d18d7d..8b5f..8d74....8935........85db7e..837d....74..8b45..a3........89c28038..74..8db6........8dbf........803a..75..8d42..a3")?(sVersion="3.2.1, exe",bDetected=1):ELF.compareEP("5557565383ec..8b7424..8b6c24..8b3ec745..........c74424..........c74424..........8b078904248d4424..894424..ff57")?(sVersion="3.2, so",bDetected=1):ELF.compareEP("7c290b785421....38......9421ff..7c0803a690......3d......85......48")?(sVersion="3.2.X",bDetected=1):ELF.compareEP("6a..6a..8bec52b8........85c074")?(sVersion="2.95.2",bDetected=1):ELF.isStringInTablePresent(".strtab","gcc2_compiled.")?(sVersion="2.X",bDetected=1):ELF.isStringInTablePresent(".dynstr","GCC_3.0")?(sVersion="3.X",bDetected=1):ELF.isSectionNamePresent(".gcc_except_table")&&(bDetected=1)
return-1!=e?ELF.getString(e+5,100):""}function detect(){ELF.compareEP("31ed5e89e183e4..50545268........68........515668........e8")?ELF.compareEP("$$$$$$$$57565383ec..8b7424..8b7c24..8b5c24..b8........85c00f84........8b0d........85c90f94c025........a3........8b5424..8b4c24..8d44....a3........8b5424..8915........90",29)?(sVersion="4.7.2, exe",bDetected=1):ELF.compareEP("$$$$$$$$55b8........57565383ec..85c08b7c24..8bb424........8b9c24........0f84........8b15........31c085d20f94c08b5424..8b4c24..a3........8d44....8b9424........a3........8915........6690",29)?(sVersion="4.6.1, exe",bDetected=1):ELF.compareEP("$$$$$$$$5589e557565383ec..8b7d..8b75..8b5d..b8........85c00f84........a1........85c00f94c025........a3",29)?(sVersion="4.5.3, exe",bDetected=1):ELF.compareEP("$$$$$$$$55b8........89e557565383ec..85c08b7d..8b75..8b5d..74..31c0833d..........0f94c0",29)?(sVersion="4.4.6, exe",bDetected=1):ELF.compareEP("$$$$$$$$55b8........89e557565383ec..85c08b7d..8b5d..74..31c08b15........85d20f94c0",29)?(sVersion="4.4.5, exe",bDetected=1):ELF.compareEP("$$$$$$$$55b8........89e557565383ec..85c08b....8b5d..74..31c0833d..........0f94c0",29)?(sVersion="4.3.3, exe",bDetected=1):ELF.compareEP("$$$$$$$$55ba........89e557565381ec........85d20f85........8b45..8b4d..8915........8d54",29)&&(sVersion="4.1.2, exe",bDetected=1):ELF.compareEP("31ed5589e583e4..8d45..83ec..50ff75..52e8$$$$$$$$5589e557565383ec..8b5d..8b7d..8d74....8935........85db7e..8b0785c074..a3........0fb610")?(sVersion="4.4.7, exe",bDetected=1):ELF.compareEP("5589e5565383ec..83e4..8b5d..89d18d74....85db8935........7e..8b45..85c074..a3........0fb610")?(sVersion="4.2.1, exe",bDetected=1):ELF.compareEP("55575653e8........81c3........83ec..8b93........8b8b........8b83........8b2a8b93........890c24895424..8b93........895424..eb")?(sVersion="4.7.2, so",bDetected=1):ELF.compareEP("5589e557565383ec..83e4..8b5d..89d78d74....85db8935........7e..8b45..85c074..a3........89c10fb601")?(sVersion="3.4.6, exe",bDetected=1):ELF.compareEP("5589e557565383ec..89d18d7d..8b5f..8d74....8935........85db7e..837d....74..8b45..a3........89c28038..74..8db6........8dbf........803a..75..8d42..a3")?(sVersion="3.2.1, exe",bDetected=1):ELF.compareEP("5557565383ec..8b7424..8b6c24..8b3ec745..........c74424..........c74424..........8b078904248d4424..894424..ff57")?(sVersion="3.2, so",bDetected=1):ELF.compareEP("7c290b785421....38......9421ff..7c0803a690......3d......85......48")?(sVersion="3.2.X",bDetected=1):ELF.compareEP("6a..6a..8bec52b8........85c074")?(sVersion="2.95.2",bDetected=1):ELF.isStringInTablePresent(".strtab","gcc2_compiled.")?(sVersion="2.X",bDetected=1):ELF.isStringInTablePresent(".dynstr","GCC_3.0")?(sVersion="3.X",bDetected=1):ELF.isSectionNamePresent(".gcc_except_table")&&(bDetected=1)
var e,c=ELF.getSectionNumber(".comment")
return-1==c||sVersion||(e=getVersion(ELF.getSectionFileOffset(c),ELF.getSectionFileSize(c)))&&(sVersion=e,bDetected=1),sVersion||ELF.isOverlayPresent()&&(e=getVersion(ELF.getOverlayOffset(),Math.min(8192,ELF.getOverlaySize())))&&(sVersion=e,bDetected=1),sLang="C",result()}meta("compiler","GCC")

2
dbs_min/db/PE/Confuser.2.sg
View file

@ -1,3 +1,3 @@
function getConfuserVersion(){var e=String(),t=PE.findString(PE.section[0].FileOffset,PE.section[0].FileSize,"Confuser v")
function getConfuserVersion(){var e="",t=PE.findString(PE.section[0].FileOffset,PE.section[0].FileSize,"Confuser v")
return e=-1!==t?PE.getString(t+10):e}function detect(){var e
return PE.isNetObjectPresent("ConfusedByAttribute")?(e=getConfuserVersion(),sVersion=e||"1.X",bDetected=1):PE.isNet()&&2<=PE.section.length&&-1!=(e=PE.findString(PE.section[1].FileOffset,PE.section[1].FileSize,"ConfuserEx v"))&&(sVersion=PE.getString(e+12,7),sName="ConfuserEx",bDetected=1),0==PE.getNetAssemblyName().indexOf("вє∂ѕ ρяσтє¢тσя")?(sName="ConfuserEx",sVersion="Bed's mod",bDetected=1):bDetected&&PE.isNetObjectPresent("DotNetPatcherPackerAttribute")&&(sName="ConfuserEx",sVersion="DotNetPatcher mod",bDetected=1),result()}meta("protector","Confuser")

2
dbs_min/db/PE/DMD.6.sg
View file

@ -1,2 +1,2 @@
function detect(){var e,t,i
if(!PE.isNet())return PE.isSectionNamePresent(".minfo")&&PE.isSectionNamePresent("._deh")&&(bDetected=1),t=e=-1,(i=PE.section[".rdata"])&&(e=i.FileOffset,t=i.FileSize),bDetected||i&&PE.isDeepScan()&&-1!=PE.findSignature(e,t,"'core.sys.windows.dll'")&&-1!=PE.findSignature(e,t,"'string.d'")&&(bDetected=1),bDetected&&i&&(-1==(i=PE.findString(e,t,"This program will continue, but will not operate when using DMD "))||-1!=(sVersion=PE.getString(i-7,5)).indexOf(".")&&1==sVersion.split(".")[0].length||(sVersion=String())),sLang="D",result()}meta("compiler","DMD")
if(!PE.isNet())return PE.isSectionNamePresent(".minfo")&&PE.isSectionNamePresent("._deh")&&(bDetected=1),t=e=-1,(i=PE.section[".rdata"])&&(e=i.FileOffset,t=i.FileSize),bDetected||i&&PE.isDeepScan()&&-1!=PE.findSignature(e,t,"'core.sys.windows.dll'")&&-1!=PE.findSignature(e,t,"'string.d'")&&(bDetected=1),bDetected&&i&&(-1==(i=PE.findString(e,t,"This program will continue, but will not operate when using DMD "))||-1!=(sVersion=PE.getString(i-7,5)).indexOf(".")&&1==sVersion.split(".")[0].length||(sVersion="")),sLang="D",result()}meta("compiler","DMD")

2
dbs_min/db/PE/Denuvo.2.sg
View file

@ -1 +1 @@
function detect(){if(!PE.isNet())return(PE.isSectionNamePresentExp(/\.(e|sr|x(p|d))data$/)||PE.isSectionNamePresent(".arch")||PE.isSectionNamePresent(".xtext")||PE.isSectionNamePresent(".xtls"))&&(PE.is64()?(PE.compareEP("51 52 41 50 41 51 4C 8D ?? ?? ?? ?? ?? 4C 8D ?? ?? ?? ?? ?? 4D 29 C1")?(sVersion="1.0",bDetected=1):PE.compareEP("48 8D 0D ?? ?? ?? ?? E9 ?? ?? ?? ??")?(sVersion="2.0a",bDetected=1):PE.compareEP("48 89 ?? ?? ?? ?? ?? 48 89 ?? ?? ?? ?? ?? 4C 89 ?? ?? ?? ?? ?? 4C 89 ?? ?? ?? ?? ?? 48 83 FA 01")?(sVersion="2.0b",bDetected=1):PE.compareEP("?? ?? ?? ?? ?? ?? ?? ?? 4C 89 1C 24 49 89 E3")?(sVersion="3.0a",bDetected=1):PE.compareEP("48 8D 64 24 .. 50 51 52 80 3D .. .. .. .. .. 75 .. 48 8D 05 .. .. .. .. 48 8D 0D .. .. .. ..")?(sVersion="17.0",bDetected=1):PE.compareEP("4D 8D ?? ?? ?? ?? ?? ?? ?? ?? ?? 48 89 ?? ?? ?? ?? ?? 48 8D ?? ?? 48 89 ?? 48 89 ?? 48 89")?(sVersion="3.0b",bDetected=1):PE.compareEP("47 61 6D 65 41 73 73 65 6D 62 6C 79 44 65 6E 75 76 6F 44 72 6D 2E 64 6C 6C")?(sOptions="Unity",bDetected=1):PE.isSignaturePresent(PE.section[0].FileOffset,PE.getSize()-PE.getOverlaySize(),"64 65 6E 75 76 6F 5F 61 74 64 00 00 00 00 00 00")&&(bDetected=1),PE.isLibraryPresent("steam_api64.dll")&&(sOptions="Steam",bDetected=1),PE.isLibraryPresent("eossdk-win64-shipping.dll")&&(sOptions="Epic Games",bDetected=1)):(PE.compareEP("55 89 E5 8D ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ??")?(sVersion="1.0",bDetected=1):PE.compareEP("8D ?? ?? ?? ?? ?? ?? 89 7C 24 04 89 E7")&&(sVersion="2.0",bDetected=1),PE.isLibraryPresent("steam_api.dll")&&(sOptions="Steam",bDetected=1),PE.isLibraryPresent("eossdk-win32-shipping.dll")&&(sOptions="Epic Game Store",bDetected=1),PE.isLibraryPresent("uplay_r1_loader.dll")&&(sOptions="uPlay",bDetected=1))),bDetected||(PE.isLibraryPresent("dbdata.dll")&&(sOptions="FIFA23 series",bDetected=1),PE.isLibraryPresent("uplay_r1_loader64.dll")&&(sOptions="uPlay",bDetected=1),PE.isLibraryPresentExp(/^Core\/Activation(64)?.dll$/)&&(sOptions="Origin",bDetected=1)),PE.isExportFunctionPresentExp(/^ANTICHEAT_OBFUSCATE_.+_CODEMARKER$/)&&_setResult("marker","Denuvo",String(),String()),result()}meta("protector","Denuvo")
function detect(){if(!PE.isNet())return(PE.isSectionNamePresentExp(/\.(e|sr|x(p|d))data$/)||PE.isSectionNamePresent(".arch")||PE.isSectionNamePresent(".xtext")||PE.isSectionNamePresent(".xtls"))&&(PE.is64()?(PE.compareEP("51 52 41 50 41 51 4C 8D ?? ?? ?? ?? ?? 4C 8D ?? ?? ?? ?? ?? 4D 29 C1")?(sVersion="1.0",bDetected=1):PE.compareEP("48 8D 0D ?? ?? ?? ?? E9 ?? ?? ?? ??")?(sVersion="2.0a",bDetected=1):PE.compareEP("48 89 ?? ?? ?? ?? ?? 48 89 ?? ?? ?? ?? ?? 4C 89 ?? ?? ?? ?? ?? 4C 89 ?? ?? ?? ?? ?? 48 83 FA 01")?(sVersion="2.0b",bDetected=1):PE.compareEP("?? ?? ?? ?? ?? ?? ?? ?? 4C 89 1C 24 49 89 E3")?(sVersion="3.0a",bDetected=1):PE.compareEP("48 8D 64 24 .. 50 51 52 80 3D .. .. .. .. .. 75 .. 48 8D 05 .. .. .. .. 48 8D 0D .. .. .. ..")?(sVersion="17.0",bDetected=1):PE.compareEP("4D 8D ?? ?? ?? ?? ?? ?? ?? ?? ?? 48 89 ?? ?? ?? ?? ?? 48 8D ?? ?? 48 89 ?? 48 89 ?? 48 89")?(sVersion="3.0b",bDetected=1):PE.compareEP("47 61 6D 65 41 73 73 65 6D 62 6C 79 44 65 6E 75 76 6F 44 72 6D 2E 64 6C 6C")?(sOptions="Unity",bDetected=1):PE.isSignaturePresent(PE.section[0].FileOffset,PE.getSize()-PE.getOverlaySize(),"64 65 6E 75 76 6F 5F 61 74 64 00 00 00 00 00 00")&&(bDetected=1),PE.isLibraryPresent("steam_api64.dll")&&(sOptions="Steam",bDetected=1),PE.isLibraryPresent("eossdk-win64-shipping.dll")&&(sOptions="Epic Games",bDetected=1)):(PE.compareEP("55 89 E5 8D ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ??")?(sVersion="1.0",bDetected=1):PE.compareEP("8D ?? ?? ?? ?? ?? ?? 89 7C 24 04 89 E7")&&(sVersion="2.0",bDetected=1),PE.isLibraryPresent("steam_api.dll")&&(sOptions="Steam",bDetected=1),PE.isLibraryPresent("eossdk-win32-shipping.dll")&&(sOptions="Epic Game Store",bDetected=1),PE.isLibraryPresent("uplay_r1_loader.dll")&&(sOptions="uPlay",bDetected=1))),bDetected||(PE.isLibraryPresent("dbdata.dll")&&(sOptions="FIFA23 series",bDetected=1),PE.isLibraryPresent("uplay_r1_loader64.dll")&&(sOptions="uPlay",bDetected=1),PE.isLibraryPresentExp(/^Core\/Activation(64)?.dll$/)&&(sOptions="Origin",bDetected=1)),PE.isExportFunctionPresentExp(/^ANTICHEAT_OBFUSCATE_.+_CODEMARKER$/)&&_setResult("marker","Denuvo","",""),result()}meta("protector","Denuvo")

2
dbs_min/db/PE/Eschalon_installer.1.sg
View file

@ -1 +1 @@
function detect(){return PE.compareEP("558bec81c4........53565733c08985........8985........e8$$$$$$$$e8$$$$$$$$31d28d")&&PE.compareOverlay("'EPSF'")&&(sVersion=PE.getFileVersion().replace(/\.0\.0$/,String()),bDetected=1),result()}meta("installer","Eschalon Installer")
function detect(){return PE.compareEP("558bec81c4........53565733c08985........8985........e8$$$$$$$$e8$$$$$$$$31d28d")&&PE.compareOverlay("'EPSF'")&&(sVersion=PE.getFileVersion().replace(/\.0\.0$/,""),bDetected=1),result()}meta("installer","Eschalon Installer")

10
dbs_min/db/PE/Microsoft.6.sg
View file

File diff suppressed because one or more lines are too long

2
dbs_min/db/PE/NetReactor.2.sg
View file

@ -3,5 +3,5 @@ else if(PE.compareEP("558becb90f0000006a006a004975f951535657b8........e8"))sVers
else if(PE.resource.__&&PE.compareEP("e8$$$$$$$$8bff558bec83ec10"))PE.compareEP("e8........e9........6a0c68")?(sVersion="4.2",bDetected=1):PE.compareEP("e8........e9........8bff558bec83ec208b45085657")&&(sVersion="4.5-4.7",bDetected=1)
else if(PE.isNet()){if(PE.isSignatureInSectionPresent(0,"558becb90f0000006a006a004975f951535657b8........e8")?(sVersion="3.X",bDetected=1):2<=PE.section.length&&3221225536==PE.section[1].Characteristics&&PE.isSignatureInSectionPresent(1,"5266686E204D182276B5331112330C6D0A204D18229EA129611C76B505190158")&&(sVersion="4.8-4.9",bDetected=1),PE.isNetObjectPresent("NecroVM.Runtime"))return
PE.isSignatureInSectionPresent(0,"6D5F6973526561644F6E6C790B636F6D70617265496E666F0874657874496E666F076E756D496E666F0C6461746554696D65496E666F0863616C656E6461720A6D5F646174614974656D0963756C747572654944066D5F6E616D65116D5F757365557365724F76657272696465")&&(sVersion="6.X")
for(var e=String(),t=0;t<5;t++)e+="'m_'%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%00"
for(var e="",t=0;t<5;t++)e+="'m_'%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%00"
PE.isSignatureInSectionPresent(0,e)&&(sOptions=sOptions.append("Control Flow"),sVersion="6.X",bDetected=1),PE.isSignatureInSectionPresent(0,"'$$method0x'363030303331372D310024246D6574686F643078363030303333322D310024246D6574686F643078363030303333322D320024246D6574686F643078363030303334302D310024246D6574686F643078363030303334302D320024246D6574686F643078363030303335332D310024246D6574686F64")&&(sVersion="6.5",bDetected=1),PE.isNetGlobalCctorPresent()&&(PE.isNetObjectPresent("BinaryReader")&&PE.isNetObjectPresent("RSACryptoServiceProvider")&&PE.isSignatureInSectionPresent(0,"2000690073002000740061006D00700065007200650064002E00")?(sOptions=sOptions.append("Anti-tamper"),bDetected=1):PE.isNetObjectPresent("kernel32")&&PE.isSignatureInSectionPresent(0,"6B00650072006E0065006C002000")&&(bDetected=1)),PE.isNetObjectPresent("SuppressIldasmAttribute")&&(sOptions=sOptions.append("Anti-ILDASM")),PE.isSignatureInSectionPresent(0,"45007A006900720069007A0027007300200022002E004E00450054002000520065006100630074006F0072002200210020005400680069007300200061")&&PE.isNetObjectPresent("DateTime")&&(sOptions=sOptions.append("Demo"),bDetected=1)}return result()}meta("protector",".NET Reactor")

2
dbs_min/db/PE/Perl.3.sg
View file

@ -1,5 +1,5 @@
function detect(){var e
if(PE.isDll())return(e=PE.isLibraryPresentExp(/perl(5)_?(\d\d*)/i))&&(bDetected=1,sVersion=e[1]+"."+e[2],sLang="Perl"),PE.isExportFunctionPresentExp("Perl_sv_bless|perl_parse")?(bDetected=1,sVersion=getPerlVersion(),sLang="Perl",_setResult("library","Perl Runtime",sVersion,"")):result()}function getPerlVersion(){for(var e=["'erl5' %% '.dll'","'erl5' %% %% '.dll'","'erl5_' %% '.dll'","'erl5_' %% %% '.dll'"],r=PE.getExportSection(),t=String(),n=-1,i=0;i<e.length&&!(-1<(n=PE.findSignature(PE.section[r].FileOffset,PE.getSize(),e[i])));++i);if(0<n){var l=PE.getString(n,12)
if(PE.isDll())return(e=PE.isLibraryPresentExp(/perl(5)_?(\d\d*)/i))&&(bDetected=1,sVersion=e[1]+"."+e[2],sLang="Perl"),PE.isExportFunctionPresentExp("Perl_sv_bless|perl_parse")?(bDetected=1,sVersion=getPerlVersion(),sLang="Perl",_setResult("library","Perl Runtime",sVersion,"")):result()}function getPerlVersion(){for(var e=["'erl5' %% '.dll'","'erl5' %% %% '.dll'","'erl5_' %% '.dll'","'erl5_' %% %% '.dll'"],r=PE.getExportSection(),t="",n=-1,i=0;i<e.length&&!(-1<(n=PE.findSignature(PE.section[r].FileOffset,PE.getSize(),e[i])));++i);if(0<n){var l=PE.getString(n,12)
if(!(l=l.match(/(5)_?(\d\d*)/)))return t
t=l[1]+"."+l[2],l=findPatchVersion(9<Number(l[2])?"'5.' %% %% '.' %% ":"'5.' %% '.' %%")
0<l&&(t+="."+l)}return t}function findPatchVersion(e){for(var r,t=0,n=PE.getSize(),i=0;-1!=(r=PE.findSignature(t,n,e));){var l=PE.getString(r,12),t=r+l.length;(l=l.match(/5\.\d\d*\.(\d\d*)/))&&l[1]>i&&(i=l[1])}return i}meta("library","Perl5 xs")

2
dbs_min/db/PE/Unity.4.sg
View file

@ -1 +1 @@
function detect(){return(PE.isLibraryPresent("UnityPlayer.dll")||PE.isExportFunctionPresent("UnityMain"))&&(bDetected=1),PE.isExportFunctionPresent("il2cpp_alloc")&&(sLang="Native MSIL/C#",sOptions="IL2CPP",bDetected=1,_setResult("compiler","IL2CPP Technology",String(),String())),result()}meta("library","Unity Engine")
function detect(){return(PE.isLibraryPresent("UnityPlayer.dll")||PE.isExportFunctionPresent("UnityMain"))&&(bDetected=1),PE.isExportFunctionPresent("il2cpp_alloc")&&(sLang="Native MSIL/C#",sOptions="IL2CPP",bDetected=1,_setResult("compiler","IL2CPP Technology","","")),result()}meta("library","Unity Engine")

4
dbs_min/db/PE/_FixDetects.9.sg
View file

@ -1,5 +1,5 @@
function detect(){removeFalsePositive({falsePositive:{packer:"AHpacker"},ifPresents:{packer:"ExE Pack"}}),removeFalsePositive({falsePositive:{linker:"Turbo Linker"},ifPresents:{linker:"Microsoft Linker"}}),removeFalsePositive({falsePositive:{tool:"Borland Delphi"},ifPresents:{tool:"Microsoft Linker"}}),removeFalsePositive({falsePositive:{compiler:"FASM",language:"ASMx86"},ifPresents:{packer:"Simple Pack"}}),_isResultPresent("compiler","Microsoft Visual C/C++")&&1<_getNumberOfResults("compiler")&&(_removeResult("compiler","Microsoft Visual C/C++"),1<_getNumberOfResults("language"))&&_isLangPresent("C/C++")&&_removeResult("language","C/C++"),_isLangPresent("MSIL/C#")&&_isResultPresent("tool","Microsoft Visual Studio")&&(_removeResult("language","MSIL/C#"),_setLang("C#"))}function removeFalsePositive(e){var s=e.falsePositive,i=e.ifPresents,r=String(),t=String()
function detect(){removeFalsePositive({falsePositive:{packer:"AHpacker"},ifPresents:{packer:"ExE Pack"}}),removeFalsePositive({falsePositive:{linker:"Turbo Linker"},ifPresents:{linker:"Microsoft Linker"}}),removeFalsePositive({falsePositive:{tool:"Borland Delphi"},ifPresents:{tool:"Microsoft Linker"}}),removeFalsePositive({falsePositive:{compiler:"FASM",language:"ASMx86"},ifPresents:{packer:"Simple Pack"}}),_isResultPresent("compiler","Microsoft Visual C/C++")&&1<_getNumberOfResults("compiler")&&(_removeResult("compiler","Microsoft Visual C/C++"),1<_getNumberOfResults("language"))&&_isLangPresent("C/C++")&&_removeResult("language","C/C++"),_isLangPresent("MSIL/C#")&&_isResultPresent("tool","Microsoft Visual Studio")&&(_removeResult("language","MSIL/C#"),_setLang("C#"))}function removeFalsePositive(e){var s=e.falsePositive,i=e.ifPresents,r="",t=""
for(o in s)if(s.hasOwnProperty(o)){t=s[r=o]
break}var o,l=String(),a=String()
break}var o,l="",a=""
for(o in i)if(i.hasOwnProperty(o)){a=i[l=o]
break}_isResultPresent(r,t)&&_isResultPresent(l,a)&&_removeResult(r,t)}

86
dbs_min/db/PE/__GenericHeuristicAnalysis_By_DosX.7.sg
View file

File diff suppressed because one or more lines are too long

2
dbs_min/db/_init
View file

@ -1,4 +1,4 @@
var bDetected,sType,sName,sVersion,sOptions,sLang,sLangVersion
function meta(e,n,s,t,i,r){e||_error("No input detection type."),sType=e,sName=n||String(),sVersion=s||String(),sOptions=t||String(),sLang=i||String(),sLangVersion=r||String(),bDetected=0}function init(){meta.apply(null,arguments)}function result(){bDetected&&(sVersion=sVersion||String(),sOptions=sOptions||String(),sName?(_setResult(sType,sName,sVersion,sOptions),sLang&&(sLangVersion?_setLang(sLang,sLangVersion):_setLang(sLang))):_error("No input detection name.")),sName=sVersion=sOptions=sLang=sLangVersion=""
function meta(e,n,s,t,i,r){e||_error("No input detection type."),sType=e,sName=n||"",sVersion=s||"",sOptions=t||"",sLang=i||"",sLangVersion=r||"",bDetected=0}function init(){meta.apply(null,arguments)}function result(){bDetected&&(sVersion=sVersion||"",sOptions=sOptions||"",sName?(_setResult(sType,sName,sVersion,sOptions),sLang&&(sLangVersion?_setLang(sLang,sLangVersion):_setLang(sLang))):_error("No input detection name.")),sName=sVersion=sOptions=sLang=sLangVersion=""
var e=bDetected
return bDetected=0,e}includeScript("_debug"),includeScript("_runtime_helpers"),includeScript("language")

2
dbs_min/db/rar-file
View file

@ -3,7 +3,7 @@ if(64<=e){if(File.compare("'Rar!'1A07",i)){switch(File.readByte(i+6)){case 0:sVe
break
case 1:sVersion="5"}bDetected=1}else File.compare("'RE~^'",i)&&(sVersion="1.4",bDetected=1)
if("4"==sVersion){e=File.readByte(i+10)
if(8&e&&(sOptions="solid"),128&e)sOptions+=(sOptions!==String()?", ":"")+"encrypted"
if(8&e&&(sOptions="solid"),128&e)sOptions+=(sOptions!==""?", ":"")+"encrypted"
else{var r=0
for(i+=7+File.readWord(i+12);116!=File.readByte(i+2)&&(r=File.readWord(i+5)+File.readDword(i+7));)i+=r
for(;116==File.readByte(i+2);){var a=File.readDword(i+7)