mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
9e621e1954
Renamed and moved numerous .sg files in the db directory to follow a more consistent naming convention and directory structure, grouping by type (e.g., compiler, cruncher, packer, protector, etc.). This improves maintainability and clarity of the signature database organization.
23 lines
No EOL
813 B
JavaScript
23 lines
No EOL
813 B
JavaScript
// Detect It Easy: detection rule file
|
|
// Author: hypn0 <hypn0@mail.ru>
|
|
|
|
meta("protector", "com-crypt");
|
|
|
|
function detect() {
|
|
if (Binary.compare("b8....ffe0")) {
|
|
sOffset = Binary.readWord(1);
|
|
if (Binary.compare("5756bf....b8....abb8....abb0..aa89feb9....31dbad01c329cb89d8abe2", sOffset - 0x100)) {
|
|
sOptions = "by BlackLight, MANtiCORE";
|
|
bDetected = true;
|
|
} else if (Binary.compare("be....562ec704....2ec744......2ec644....b9....8a0434..880446", sOffset - 0x100)) {
|
|
sName = "com-crypt on BASIC";
|
|
sOptions = "by BlackLight, MANtiCORE";
|
|
bDetected = true;
|
|
}
|
|
} else if (Binary.compare("e8$$$$b7..538b4f..8a47..c0c8..880743e2")) {
|
|
sOptions = "by Frenzy";
|
|
bDetected = true;
|
|
}
|
|
|
|
return result();
|
|
} |