mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
Rename and reorganize multiple MSDOS rule files into categorized names (compiler_*, converter_*, debug_data_*, protector_*). Add sLang="C" to Aztec C detection, adjust Borland TDS meta key to "debug data" and tweak its description. Improve PE generic heuristic whitelist with many new/expanded regexes for dates, versions, GUIDs/hashes, naming conventions, platform identifiers and product/package tokens. Update author/attribution comments for several PE cryptor/compiler rules to DosX, and fix detection logic in Duals eXe Encryptor by marking bDetected earlier. Miscellaneous formatting and comment cleanups.
13 lines
No EOL
304 B
JavaScript
// Detect It Easy: detection rule file
// Author: horsicq <horsicq@gmail.com>

meta("protector", "BlackWolf Protection");

function detect() {
    // Compare the bytes at the MS-DOS entry point with the stub signature;
    // "." positions are wildcards for values that vary between protected files.
    if (MSDOS.compareEP("061e0e0e071fbe....b9....871481c2....53e8")) {
        sOptions = "1996 by p.q.";
        bDetected = true;
    }

    return result();
}
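How a wildcard entry-point signature like the one in this rule can be evaluated, as an added example that is not part of the rule file or of Detect It Easy's own code. It assumes each `.` stands for one arbitrary hex nibble and that matching is anchored at the first entry-point byte; `matchSignature` and `sampleEntryPoint` are hypothetical names, and the sample bytes are constructed.

```javascript
// Added illustration, not Detect It Easy source code.
// Assumption: each '.' in the signature is a wildcard for one hex nibble,
// and the comparison is anchored at the first byte of the entry point.
const SIGNATURE = "061e0e0e071fbe....b9....871481c2....53e8"; // from the rule above

function matchSignature(bytes, signature) {
  if (signature.length % 2 !== 0) throw new Error("odd-length signature");
  if (!/^[0-9a-f.]*$/i.test(signature)) throw new Error("invalid signature character");
  const needed = signature.length / 2;
  if (bytes.length < needed) return false; // truncated entry point: no match
  for (let i = 0; i < needed; i++) {
    const hex = bytes[i].toString(16).padStart(2, "0");
    for (let n = 0; n < 2; n++) {
      const want = signature[2 * i + n].toLowerCase();
      if (want !== "." && want !== hex[n]) return false;
    }
  }
  return true;
}

// Constructed sample: fixed bytes copied from the signature, arbitrary
// values placed in the three wildcard slots, plus two trailing bytes.
function sampleEntryPoint() {
  return Uint8Array.from([
    0x06, 0x1e, 0x0e, 0x0e, 0x07, 0x1f, 0xbe, 0x34, 0x12,
    0xb9, 0x78, 0x56, 0x87, 0x14, 0x81, 0xc2, 0xcd, 0xab,
    0x53, 0xe8, 0x00, 0x00,
  ]);
}

console.log(matchSignature(sampleEntryPoint(), SIGNATURE));
```

The wildcard slots let one signature cover files whose stub differs only in those positions, while any change to a fixed byte defeats the match.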