mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
18 lines
No EOL
541 B
JavaScript
Executable file
18 lines
No EOL
541 B
JavaScript
Executable file
// Detect It Easy: detection rule file
|
|
// Author: horsicq <horsicq@gmail.com>
|
|
|
|
meta("protector", "CodeCrypt");
|
|
|
|
function detect() {
|
|
if (PE.compareEP("E9........EB02833D58EB02FF1D5BEB020FC75F")) {
|
|
switch (PE.readDword(PE.getEntryPointOffset() + 1)) {
|
|
case 0x2c5: sVersion = "0.14b"; break;
|
|
case 0x331: sVersion = "0.15b"; break;
|
|
case 0x32e: sVersion = PE.compareEP("EB03FF1D34", 20) ? "0.164" : "0.16b-0.163b";
|
|
}
|
|
|
|
bDetected = true;
|
|
}
|
|
|
|
return result();
|
|
} |