Detect-It-Easy/db/PE/packer_HTML_executable.1.sg

// Detect It Easy: detection rule file
// Author: hypn0 <hypn0@mail.ru>

meta("packer", "HTML Executable");

function detect() {
    if (PE.compareEP("558bec83c4..b8........e8$$$$$$$$538bd833c0a3........6a..e8........a3")) {
        if (PE.compareOverlay("'GHE32'")) {
            bDetected = true;
        }
    } else if (PE.compareEP("558becb9........6a..6a..4975..535657b8........e8$$$$$$$$538bd833c0a3........6a..e8........a3")) {
        if (PE.compareOverlay("'HEEG'")) {
            bDetected = true;
        }
    }

    sLang = "HTML";

    return result();
}