mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
19 lines
No EOL
500 B
JavaScript
Executable file
19 lines
No EOL
500 B
JavaScript
Executable file
// Detect It Easy: detection rule file
|
|
// Author: horsicq <horsicq@gmail.com>
|
|
|
|
meta("protector", "HackShield");
|
|
|
|
function detect() {
|
|
var impSection = PE.section[PE.getImportSection()];
|
|
if (impSection) {
|
|
var nOffset = impSection.FileOffset,
|
|
nSize = impSection.FileSize;
|
|
|
|
nSize = Math.min(nSize, 0x2048);
|
|
if (PE.findString(nOffset, nSize, "TerminateHackShield") != -1) {
|
|
bDetected = true;
|
|
}
|
|
}
|
|
|
|
return result();
|
|
} |