mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

dbs_min update

Browse source
This commit is contained in:
DosX 2025-07-26 23:21:14 +03:00
commit f183ca60e7
34 changed files with 19 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

2
dbs_min/db/Binary/bin.SPRX.1.sg
View file

@ -1 +1 @@
function detect(){return Binary.compare("'SCE'")&&(bDetected=!0),result()}init("format","Signed Executable and Linkable Format")
function detect(){return Binary.compare("'SCE' 00 00 00 00 ** 00")&&Binary.isSignaturePresent(0,Binary.getSize(),"7F 'ELF' 02")&&(bDetected=!0),result()}init("format","Signed Executable and Linkable Format")

2
dbs_min/db/Binary/text.OBC.1.sg
View file

@ -1 +1 @@
function detect(){return Binary.compare("'OBC Copyright MDO'")&&(sName="Compiled DEV7 object",bDetected=!0),result()}init("source","OBC")
function detect(){return Binary.compare("'OBC Copyright MDO'")&&(sName="Compiled DEV7 object",sOptions="Bytecode",bDetected=!0),result()}init("source","OBC")

4
dbs_min/db/PE/ARJSFX.1.sg
View file

@ -1,5 +1,5 @@
function detect(){if(PE.compareEP("a1........c1e0..a3........575133c0bf........b9........3bcf76..2bcffcf3aa595f64678b16....8b42..a3"))PE.compareOverlay("c0ab........60ea")&&(sName+="32",bDetected=!0)
else if(PE.compareEP("64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15"))if(PE.compareOverlay("60ea"))bDetected=!0
else if(PE.compareEP("64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15")){if(PE.compareOverlay("60ea"))bDetected=!0
else for(var e=0;e<PE.resource.length;e++)if(730==PE.resource[e].Type){bDetected=!0
break}if(PE.compareEP("558bec83c4..e8$$$$$$$$e8........6a..e8........8905........e8........8905"))for(e=0;e<PE.resource.length;e++)1001==PE.resource[e].Type&&PE.compare("60ea",PE.getResourceOffsetByNumber(e))&&(bDetected=!0)
break}}else if(PE.compareEP("558bec83c4..e8$$$$$$$$e8........6a..e8........8905........e8........8905"))for(e=0;e<PE.resource.length;e++)1001==PE.resource[e].Type&&PE.compare("60ea",PE.getResourceOffsetByNumber(e))&&(bDetected=!0)
return result()}init("sfx","ARJSFX")

3
dbs_min/db/PE/Abbyy_Lingvo.1.sg
View file

@ -1,2 +1 @@
function detect(){var e
return PE.compareEP("558bec6a..68........68........64a1........50648925........83c4..5356578965..ff15")&&(e=PE.getSize()-15,PE.compare("'ArcUpdateABBYY'00",e))&&(bDetected=!0),result()}init("sfx","Abbyy Lingvo")
function detect(){return PE.compareEP("558bec6a..68........68........64a1........50648925........83c4..5356578965..ff15")&&PE.compare("'ArcUpdateABBYY'00",PE.getSize()-15)&&(bDetected=!0),result()}init("sfx","Abbyy Lingvo")

2
dbs_min/db/PE/Alex_Protector.2.sg
View file

@ -1 +1 @@
function detect(){return PE.compareEP("60E8000000005D81ED06104000E824000000")?(sVersion="1.0",bDetected=!0):PE.compareEP("60E801000000C783C40433C9E8010000006883C404E8010000006883C404")&&(sVersion="0.4 beta 1",bDetected=!0),result()}init("protector","Alex Protector")
function detect(){return PE.compareEP("60E8000000005D81ED06104000E824000000")?(sVersion="1.0",bDetected=!0):PE.compareEP("60E801000000C783C40433C9E8010000006883C404E8010000006883C404")&&(sVersion="0.4 beta",bDetected=!0),result()}init("protector","Alex Protector")

2
dbs_min/db/PE/AutorunProEnterprise.1.sg
View file

@ -1,2 +1,2 @@
function detect(){var e=PE.section[".rsrc"]
return(e||PE.isSectionNamePresent("CODE"))&&-1!==PE.findString(e.FileOffset,e.FileSize,"9AutoRunObjects")&&-1!==PE.findString(e.FileOffset,e.FileSize,"AutoRunObjects")&&(bDetected=!0),result()}init("Installer","Autorun Pro Enterprise")
return(e||PE.isSectionNamePresent("CODE"))&&-1!==PE.findString(e.FileOffset,e.FileSize,"9AutoRunObjects")&&-1!==PE.findString(e.FileOffset,e.FileSize,"AutoRunObjects")&&(bDetected=!0),result()}init("installer","Autorun Pro Enterprise")

2
dbs_min/db/PE/IBM_VisualAge_C.4.sg
View file

@ -1 +1 @@
function detect(){return PE.compareEP("558bec68........64ff35........648925........83ec0457e8$$$$$$$$dbe3c3")?(sVersion="4.0",bDetected=!0):PE.compareEP("83ec..837c24....75..ff15........85c075..33c0e8")||PE.compareEP("83ec..837c24....75..e8........85c00f85........33c0e8")?(sVersion="4.0",sOptions="DLL",bDetected=!0):PE.compareEP("535783ec..e8........ff15........b8........e8........85c075..83c4..b8")?(sVersion="3.5",bDetected=!0):PE.compareEP("558bec68........64ff35........648925........e8........ff15........83ec04b8........e8$$$$$$$$b801000000c3")?(sVersion="3.6",bDetected=!0):PE.compareEP("558bec8b45..83f8..74..85c074..eb..6a006a006a00ff15")&&(sOptions="1996",bDetected=!0),sLang="C/C++",result()}init("compiler","IBM VisualAge C++")
function detect(){return PE.compareEP("558bec68........64ff35........648925........83ec0457e8$$$$$$$$dbe3c3")?(sVersion="4.0",bDetected=!0):PE.compareEP("83ec..837c24....75..ff15........85c075..33c0e8")||PE.compareEP("83ec..837c24....75..e8........85c00f85........33c0e8")?(sVersion="4.0",sOptions="DLL",bDetected=!0):PE.compareEP("535783ec..e8........ff15........b8........e8........85c075..83c4..b8")?(sVersion="3.5",bDetected=!0):PE.compareEP("558bec68........64ff35........648925........e8........ff15........83ec04b8........e8$$$$$$$$b801000000c3")?(sVersion="3.6",bDetected=!0):PE.compareEP("558bec8b45..83f8..74..85c074..eb..6a006a006a00ff15")&&(sOptions="1996",bDetected=!0),sLang="C/C++",result()}init("compiler","IBM VisualAge C/C++")

4
dbs_min/db/PE/PELock.2.sg
View file

@ -1,2 +1,2 @@
function detect(){for(var t="",e=0,r=0,s=0,i=0,n=0,f=0,B=0,o=PE.OffsetToVA(PE.getEntryPointOffset()),P=0;P<1e3;)P++,"CLC"==(t=-1!=(t=PE.getDisasmString(o)).indexOf(" ")?t.substr(0,t.indexOf(" ")):t)&&e++,"STC"==t&&r++,"MOVZX"==t&&s++,"SUB"==t&&i++,"IMUL"==t&&n++,"BT"!=t&&"BTR"!=t&&"BTS"!=t&&"BTC"!=t||f++,"BSF"!=t&&"BSR"!=t&&"BSWAP"!=t||B++,o=PE.getDisasmNextAddress(o)
return 0<e&&0<r&&0!=s&&(n<i||0==i&&0==n)&&0==f&&0==B&&(bDetected=!0),result()}init("protector","PELock")
function detect(){for(var e="",t=0,i=0,r=0,s=0,n=0,f=0,B=0,o=PE.OffsetToVA(PE.getEntryPointOffset()),P=0;P<1e3;)P++,"CLC"==(e=-1!=(e=PE.getDisasmString(o)).indexOf(" ")?e.slice(0,e.indexOf(" ")):e)&&t++,"STC"==e&&i++,"MOVZX"==e&&r++,"SUB"==e&&s++,"IMUL"==e&&n++,"BT"!=e&&"BTR"!=e&&"BTS"!=e&&"BTC"!=e||f++,"BSF"!=e&&"BSR"!=e&&"BSWAP"!=e||B++,o=PE.getDisasmNextAddress(o)
return 0<t&&0<i&&0!=r&&(n<s||0==s&&0==n)&&0==f&&0==B&&(bDetected=!0),result()}init("protector","PELock")

16
dbs_min/db/PE/__GenericHeuristicAnalysis_By_DosX.7.sg
View file

File diff suppressed because one or more lines are too long

BIN
dbs_min/db/_icons/_.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/archive.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/certificate.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/compiler.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/converter.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/corrupted.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/debug data.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/format.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/image.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/installer, sfx.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/joiner.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/language.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/library, module.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/licensing.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/linker.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/malware, virus.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/operation system.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/other.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/package.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/packer, cryptor, protector, protection.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/source.png Normal file
View file

Binary file not shown.

BIN
dbs_min/db/_icons/tool.png Normal file
View file

Binary file not shown.

2
dbs_min/db/PE/ADS_Self_Extractor.1.sg → dbs_min/db_extra/PE/ADS_Self_Extractor.1.sg
View file

@ -1 +1 @@
function detect(){return PE.compareEP("e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774")?bDetected=PE.compareOverlay("7b00320030003700320036003300370037002d00"):PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15")&&(bDetected=-1!==PE.findSignature(PE.getOverlayOffset(),Math.min(256,PE.getOverlaySize()),"7b00320030003700320036003300370037002d00")),result()}init("sfx","ADS Self Extractor")
function detect(){return PE.compareEP("e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774")?bDetected=PE.compareOverlay("7b00320030003700320036003300370037002d00"):PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15")&&(bDetected=-1!==PE.findSignature(PE.getOverlayOffset(),Math.min(256,PE.getOverlaySize()),"7b00320030003700320036003300370037002d00")),result()}init("sfx","ADS Self-Extractor")

0
dbs_min/db/PE/DataAnubis.1.sg → dbs_min/db_extra/PE/DataAnubis.1.sg
View file

0
dbs_min/db/PE/UPXcrypter.2.sg → dbs_min/db_extra/PE/UPXcrypter.2.sg
View file