mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
22 lines
No EOL
682 B
JavaScript
Executable file
22 lines
No EOL
682 B
JavaScript
Executable file
// Detect It Easy: detection rule file
|
|
// Author: horsicq <horsicq@gmail.com>
|
|
|
|
meta("protector", "Krypton");
|
|
|
|
function detect() {
|
|
if (PE.compareEP("8B0C24E90A7C01..AD4240BDBE9D7A04")) {
|
|
sVersion = "0.2";
|
|
bDetected = true;
|
|
} else if (PE.compareEP("8B0C24E9C08D01..C13A6ECA5D7E796DB3645A71EA")) {
|
|
sVersion = "0.3";
|
|
bDetected = true;
|
|
} else if (PE.compareEP("54E8........5D8BC581ED........2B85")) {
|
|
switch (PE.getEntryPointSignature(21, 3)) {
|
|
case "83E806": sVersion = "0.4"; break;
|
|
case "EB43DF": sVersion = "0.5"; break;
|
|
}
|
|
bDetected = true;
|
|
}
|
|
|
|
return result();
|
|
} |