mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
Renamed and reorganized numerous database files across APK, DEX, ELF, PE, and other directories to use consistent prefixes such as 'library_', 'protector_', 'packer_', 'cryptor_', 'tool_', and similar. This improves clarity, maintainability, and categorization of the database entries.
// Detect It Easy: detection rule file
// Author: DosX
// E-Mail: collab@kay-software.ru
// GitHub: https://github.com/DosX-dev
// Telegram: @DosX_dev
// https://github.com/mt-code/ByteGuard
// Declares what this rule reports on a match: result type "protector", name "ByteGuard".
// NOTE(review): meta() is supplied by the Detect It Easy script host, not defined in this file.
meta("protector", "ByteGuard");
/**
 * Detection entry point for the ByteGuard .NET protector rule.
 *
 * Sets the host-provided global `bDetected` to true only when every indicator
 * below matches, then returns whatever the host's result() produces.
 *
 * Indicators, checked in this order (later ones are skipped once one fails):
 *   1. the file is a .NET PE and has a global static constructor;
 *   2. the first section is named ".text", or a section named "UPX" exists;
 *   3. the .NET user-string heap contains the literal
 *      "C# version only supports level 1 and 3";
 *   4. the overlay matches the "%%" signature pattern.
 *
 * NOTE(review): indicator 3 is the only content-specific check; indicators 2
 * and 4 are structural and weak on their own. A build whose user strings were
 * altered would not match, so a negative result does not rule ByteGuard out.
 *
 * @returns {*} the value returned by the host's result().
 */
function detect() {
    // Overlay signature handed to PE.compareOverlay().
    // NOTE(review): presumably each "%%" token matches one ANSI character in
    // DIE's signature syntax; confirm against the signature documentation.
    var overlaySignature = "%% %% %% %% %% %% %% %% %% %% %% %% %% %% %% %% %% %% %% %%";
    var isByteGuard = false;

    if (PE.isNet() && PE.isNetGlobalCctorPresent()) {
        // The "UPX" alternative presumably covers samples that were packed
        // again after protection; verify against real samples.
        var hasExpectedSection = PE.section[0].Name === ".text" || PE.isSectionNamePresent("UPX");

        if (hasExpectedSection) {
            isByteGuard = PE.isNetUStringPresent("C# version only supports level 1 and 3") &&
                PE.compareOverlay(overlaySignature);
        }
    }

    if (isByteGuard) {
        bDetected = true;
    }

    return result();
}