mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
9e621e1954
Renamed and moved numerous .sg files in the db directory to follow a more consistent naming convention and directory structure, grouping by type (e.g., compiler, cruncher, packer, protector, etc.). This improves maintainability and clarity of the signature database organization.
20 lines
No EOL
752 B
JavaScript
20 lines
No EOL
752 B
JavaScript
// Detect It Easy: detection rule file
|
|
// Author: Arjan Onwezen
|
|
|
|
meta("format", "Registry file");
|
|
|
|
function detect() {
|
|
if (Binary.compare("'REGEDIT4'0D 0A 0D 0A")) {
|
|
bDetected = true;
|
|
sVersion = "4.0";
|
|
} else if (Binary.compare("'Windows Registry Editor Version 5.00'0D 0A 0D 0A")) {
|
|
bDetected = true;
|
|
sVersion = "5.0";
|
|
} else if (Binary.compare("FF FE 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 52 00 65 00 67 00 69 00 73 00 74 00 72 00 79 00 20 00 45 00 64 00 69 00 74 00 6F 00 72 00 20 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 20 00 35 00 2E 00 30 00 30 00 0D 00 0A 00 0D 00 0A 00")) {
|
|
bDetected = true;
|
|
sVersion = "5.0";
|
|
sOption("UTF-16LE");
|
|
}
|
|
|
|
return result();
|
|
} |