mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
9e621e1954
Renamed and moved numerous .sg files in the db directory to follow a more consistent naming convention and directory structure, grouping by type (e.g., compiler, cruncher, packer, protector, etc.). This improves maintainability and clarity of the signature database organization.
159 lines
No EOL
7 KiB
JavaScript
159 lines
No EOL
7 KiB
JavaScript
// Detect It Easy: detection rule file
|
|
// Author: fernandom - menteb.in
|
|
|
|
meta("compiler", "Go");
|
|
|
|
function detect() {
|
|
|
|
if (ELF.isSectionNamePresent(".gosymtab") ||
|
|
ELF.isSectionNamePresent(".gopclntab") ||
|
|
ELF.isSectionNamePresent(".go.buildinfo") ||
|
|
ELF.isSectionNamePresent(".note.go.buildid")) {
|
|
bDetected = true;
|
|
}
|
|
|
|
//x86-64
|
|
if (ELF.compareEP("488d742408488b3c24b810174200ffe0b870f94100ffe0000000000000000000")) {
|
|
bDetected = true;
|
|
sVersion = "1.2.2";
|
|
} else if (ELF.compareEP("488d742408488b3c24b8907f4200ffe0b800564200ffe0000000000000000000")) {
|
|
bDetected = true;
|
|
sVersion = "1.3 or 1.3.1";
|
|
} else if (ELF.compareEP("488d742408488b3c24b8c07f4200ffe0b830564200ffe0000000000000000000")) {
|
|
bDetected = true;
|
|
sVersion = "1.3.2";
|
|
} else if (ELF.compareEP("488d742408488b3c24b8e07f4200ffe0b850564200ffe0000000000000000000")) {
|
|
bDetected = true;
|
|
sVersion = "1.3.3";
|
|
} else if (ELF.compareEP("488d742408488b3c24488d0510000000ffe00000000000000000000000000000")) {
|
|
bDetected = true;
|
|
sVersion = "1.4.x or 1.5.X";
|
|
} else if (ELF.compareEP("488d742408488b3c24488d0510000000ffe0cccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.6.X-1.9.X";
|
|
} else if (ELF.compareEP("e92bc9ffffcccccccccccccccccccccc8b7c2408b8e70000000f05c3cccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.10.X";
|
|
} else if (ELF.compareEP("e9cbc6ffffcccccccccccccccccccccc8b7c2408b8e70000000f05c3cccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.11.X";
|
|
} else if (ELF.compareEP("e9dbc6ffffcccccccccccccccccccccc8b7c2408b8e70000000f05c3cccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.12.X";
|
|
} else if (ELF.compareEP("e92bc6ffffcccccccccccccccccccccc8b7c2408b8e70000000f05c3cccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.13.X";
|
|
} else if (ELF.compareEP("e92bc4ffffcccccccccccccccccccccc8b7c2408b8e70000000f05c3cccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.14.X";
|
|
} else if (ELF.compareEP("e91bcbffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.15.X";
|
|
} else if (ELF.compareEP("e95bcaffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.16.X";
|
|
} else if (ELF.compareEP("e93bc6ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.17.X";
|
|
} else if (ELF.compareEP("e9fbc5ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.18.X";
|
|
} else if (ELF.compareEP("e99bc8ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.22.X-1.23.X";
|
|
} else if (ELF.compareEP("e95bc5ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.20.X";
|
|
} else if (ELF.compareEP("e9bbc8ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.23.X";
|
|
} else if (ELF.compareEP("e9dbc8ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.23.2";
|
|
} else if (ELF.compareEP("e91bc7ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.23.5";
|
|
} else if (ELF.compareEP("e95bc8ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.24.X";
|
|
} else if (ELF.compareEP("e97bc8ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.24.X";
|
|
} else if (ELF.compareEP("4831ed4889e7488d35........4883e4..e8........8b37488d57..49c7c0")) {
|
|
bDetected = true;
|
|
sVersion = "1.24.0";
|
|
} else if (ELF.compareEP("31ed4989d15e4889e24883e4..505449c7c0........48c7c1........48c7c7")) {
|
|
bDetected = true;
|
|
sVersion = "1.24.1";
|
|
}
|
|
|
|
//x86
|
|
else if (ELF.compareEP("83ec088b4424088d5c240c890424895c2404e87902ffffe804000000cd030000")) {
|
|
bDetected = true;
|
|
sVersion = "1.2.2";
|
|
} else if (ELF.compareEP("83ec088b4424088d5c240c890424895c2404e8f977feffe804000000cd030000")) {
|
|
bDetected = true;
|
|
sVersion = "1.3 or 1.3.1";
|
|
} else if (ELF.compareEP("83ec088b4424088d5c240c890424895c2404e8e977feffe804000000cd030000")) {
|
|
bDetected = true;
|
|
sVersion = "1.3.2";
|
|
} else if (ELF.compareEP("83ec088b4424088d5c240c890424895c2404e8c977feffe804000000cd030000")) {
|
|
bDetected = true;
|
|
sVersion = "1.3.3";
|
|
} else if (ELF.compareEP("83ec088b4424088d5c240c890424895c2404e89932ffffe804000000cd030000")) {
|
|
bDetected = true;
|
|
sVersion = "1.4.X";
|
|
} else if (ELF.compareEP("83ec088b4424088d5c240c890424895c2404e809000000cd0300000000000000")) {
|
|
bDetected = true;
|
|
sVersion = "1.5.X";
|
|
} else if (ELF.compareEP("83ec088b4424088d5c240c890424895c2404e809000000cd03cccccccccccccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.6.X-1.9.X";
|
|
}
|
|
else if (ELF.compareEP("e9....ffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.10";
|
|
} else if (ELF.compareEP("e9ebd8ffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.10.X";
|
|
} else if (ELF.compareEP("e96bdbffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.11.X";
|
|
} else if (ELF.compareEP("e97b..ffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.12.X";
|
|
} else if (ELF.compareEP("e99bffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.13.X";
|
|
} else if (ELF.compareEP("e99bd9ffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.14.X";
|
|
} else if (ELF.compareEP("e9abdcffffccccccccccccccccccccccb8010000008b5c2404cd80cd03c3cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.15.X";
|
|
} else if (ELF.compareEP("e9dbdcffffccccccccccccccccccccccb8010000008b5c2404cd80cd03c3cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.16.X";
|
|
} else if (ELF.compareEP("e92bdeffffccccccccccccccccccccccb8010000008b5c2404cd80cd03c3cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.17.X";
|
|
} else if (ELF.compareEP("e9..ddffffccccccccccccccccccccccb8010000008b5c2404cd80cd03c3cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.23.X-1.24.X";
|
|
}
|
|
/*
|
|
// generic rule for amd64 and 386
|
|
else if (ELF.compareEP("e9....ffff..................................................cccc")) {
|
|
bDetected = true;
|
|
sVersion = "1.10.X-1.17.X";
|
|
}
|
|
*/
|
|
// arm
|
|
else if (ELF.compareEP("00009de504108de204409fe500f084e2feffffea")) {
|
|
bDetected = true;
|
|
}
|
|
|
|
sLang = "Go";
|
|
|
|
return result();
|
|
} |