mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
168 lines
7.6 KiB
Text
168 lines
7.6 KiB
Text
// DIE's signature file
|
|
|
|
init("protector","MSLRH");
|
|
|
|
function detect(bShowType,bShowVersion,bShowOptions)
|
|
{
|
|
if(PE.compareEP("EB033A4D3A1EEB02CD209CEB02CD20EB02CD2060EB02C705EB02CD20E803000000E9EB04584050C3619D1FEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake .BJFNT 1.3";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("60E802000000EB095D5581ED39394400C361EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C40458740475"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake ASPack 2.11d";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00A002EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake ASPack 2.12";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB0073000061EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586B"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake ASPack 2.12";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("3BC074028183553BC074028183533BC97401BC563BD27402818557E8000000003BDB74019083C414EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake EXE32Pack 1.3x";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("558BEC6AFF68........68........64A1000000005064892500000000648F050000000083C40C5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake Microsoft Visual C++";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("558BEC538B5D08568B750C578B7D1085F65F5E5B5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C40458"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake MSVC++ 6.0 DLL";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("558BEC538B5D08568B750C5E5B5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C4045874047502EB02EB"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake MSVC++ 7.0 DLL Method 3";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("558BEC5657BF010000008B750C85F65F5E5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C40458740475"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake MSVC++ DLL Method 4";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("E9A6000000B07B4000786040007C60400000000000B03F000012624000'NeoLite Executable File Compressor\r\nCopyright (c) 1998'2C31"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake Neolite 2.0";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("9C60E8000000005DB8B38540002DAC8540002BE88DB5D3FEFFFF8B0683F80074118DB5DFFEFFFF8B0683F8010F84F1010000619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake nSPack 1.3";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("FC5550E8000000005DEB01E360E803000000D2EB0B58EB014840EB0135FFE0E761585DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A58"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake PC-Guard 4.xx";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("E8000000005B83EB05EB04'RND!'85C07302F70550E808000000EAFF58EB18EB010FEB02CD20EB03EACD205858EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake PE Crypt 1.02";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("EB03CD20C71EEB03CD20EA9CEB02EB01EB01EB60EB03CD20EBEB01EBE803000000E9EB04584050C3EB03CD20EBEB03CD2003619D83C404EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake PE Lock NT 2.04";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("9C60E80200000033C08BC483C004938BE38B5BFC81EB0730400087DD619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake PEBundle 0.2-3.x";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("9C60E80200000033C08BC483C004938BE38B5BFC81EB0730400087DD83BD9C38400001619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200000029"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake PEBundle 2.0x-2.4x";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("EB06682EA80000C39C60E80200000033C08BC483C004938BE38B5BFC81EB3F904000619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake PECompact 1.4x";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("60E82B000000'\r\n\r\n\r\nRegistAred to: NON-COMMERCIAL!!\r\n\r\n\r'005861EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C4087404"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake PESHiELD 0.25";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("B8........6A0068........64FF350000000064892500000000669C605083C40461669D648F050000000083C408EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake PEtite 2.1";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("60E801000000E883C404E801000000E95D81EDFF22400061EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake PEX 0.99";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("60E8000000005D81ED0600000064A02300000083C50661EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C4"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake SVKP 1.11";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("60BE00908B008DBE0080B4FF5783CDFFEB3A9090909090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB730B75198B1E83EEFC11DB7210586190EB05E8EB0440"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake UPX 0.89.6-1.02/1.05-1.24";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("53558be833dbeb$$e800000000582d........506033c9505850508be851fd2e2b84..........8bf02e03b4..........8bf8"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake WWPack32 1.x";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("60E8000000005D81EDF31D4000B97B0900008DBD3B1E40008BF7AC902C8AC0C078900462EB010061EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200"))
|
|
{
|
|
sVersion="0.32a";
|
|
sOptions="fake yoda's cryptor 1.2";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("60EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB0181E80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB0181E80A000000E8EB0C0000E8"))
|
|
{
|
|
sVersion="0.1";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("60D1CB0FCAC1CAE0D1CA0FC8EB01F1"))
|
|
{
|
|
sVersion="0.31";
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB0181E80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003"))
|
|
{
|
|
sVersion="0.32a";
|
|
bDetected=1;
|
|
}
|
|
|
|
return result(bShowType,bShowVersion,bShowOptions);
|
|
}
|