mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
17 lines
No EOL
580 B
JavaScript
Executable file
17 lines
No EOL
580 B
JavaScript
Executable file
// Detect It Easy: detection rule file
|
|
// Author: horsicq <horsicq@gmail.com>
|
|
|
|
meta("protector", "IntelliProtector");
|
|
|
|
function detect() {
|
|
var nLastSectionOffset = PE.section[PE.nLastSection].FileOffset;
|
|
if (PE.compare("E9........CC", nLastSectionOffset)) {
|
|
var nVersionOffset = PE.findString(nLastSectionOffset, PE.section[PE.nLastSection].FileSize, "Protected by IntelliProtector");
|
|
if (nVersionOffset != -1) {
|
|
sVersion = PE.getString(nVersionOffset + 30);
|
|
bDetected = true;
|
|
}
|
|
}
|
|
|
|
return result();
|
|
} |