Renamed and reorganized numerous database files across APK, DEX, ELF, PE, and other directories to use consistent prefixes such as 'library_', 'protector_', 'packer_', 'cryptor_', 'tool_', and similar. This improves clarity, maintainability, and categorization of the database entries.
// Detect It Easy: detection rule file
// Author: DosX
// E-Mail: collab@kay-software.ru
// GitHub: https://github.com/DosX-dev
// Telegram: @DosX_dev
// Rule metadata: category "packer", detection name "PyInstaller".
meta("packer", "PyInstaller");
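/**
 * Detect It Easy rule body: reports a PyInstaller payload inside an ELF.
 *
 * Strategy: the rule looks up a section named "pydata" and scans only that
 * section for the hex signature below. The bytes decode to ASCII "MEI"
 * followed by 0c 0b 0a 0b 0e, which is PyInstaller's archive cookie magic.
 * Because only the "pydata" section is scanned, an ELF that carries the
 * payload elsewhere is not reported by this rule.
 *
 * Side effects: assigns the DIE globals bDetected and sLang.
 * Returns: the value of the runtime's result().
 */
function detect() {
    // The DIE API signals a missing section with -1 (original check).
    const pydata = ELF.getSectionNumber("pydata");

    // Scan the section's file range for the magic; findSignature also
    // reports "not found" as -1. The lookup is only attempted when the
    // section exists, matching the original short-circuit.
    if (pydata !== -1) {
        const hit = ELF.findSignature(
            ELF.getSectionFileOffset(pydata),
            ELF.getSectionFileSize(pydata),
            "4d45490c0b0a0b0e" // "MEI" 0c 0b 0a 0b 0e
        );
        if (hit !== -1) {
            bDetected = true;
        }
    }

    // NOTE(review): sLang was assigned unconditionally in the original and is
    // kept that way; whether result() reports it when bDetected is false
    // depends on the DIE runtime — confirm before moving it into the branch.
    sLang = "Python";

    return result();
}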