mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
22 lines
637 B
Text
22 lines
637 B
Text
// DIE's signature file
|
|
|
|
init("packer","XComp");
|
|
|
|
function detect(bShowType,bShowVersion,bShowOptions)
|
|
{
|
|
if(PE.getNumberOfImports()==1
|
|
&&PE.getNumberOfImportThunks(0)==5
|
|
&&PE.getImportFunctionName(0,0)=="GetProcAddress"
|
|
&&PE.getImportFunctionName(0,1)=="LoadLibraryA"
|
|
&&PE.getImportFunctionName(0,2)=="VirtualAlloc"
|
|
&&PE.getImportFunctionName(0,3)=="VirtualFree"
|
|
&&PE.getImportFunctionName(0,4)=="VirtualProtect")
|
|
{
|
|
if(PE.compareEP("68........9c60e8$$$$$$$$e8$$$$$$$$5b5d833b00"))
|
|
{
|
|
bDetected=1;
|
|
}
|
|
}
|
|
|
|
return result(bShowType,bShowVersion,bShowOptions);
|
|
}
|