mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
22 lines
No EOL
675 B
JavaScript
Executable file
22 lines
No EOL
675 B
JavaScript
Executable file
// Detect It Easy: detection rule file
|
|
// Author: horsicq <horsicq@gmail.com>
|
|
|
|
meta("protector", "PEBundle");
|
|
|
|
function detect() {
|
|
if (PE.compareEP("9C60E802......33C08BC483C004938BE38B5BFC81EB........87DD")) {
|
|
switch (PE.getEntryPointSignature(28, 2)) {
|
|
case "6A04": sVersion = "0.2-2.0X"; break;
|
|
case "01AD": sVersion = "2.0b5-2.3"; break;
|
|
case "83BD": sVersion = "2.44"; break;
|
|
case "80BD": sVersion = "3.XX"; break;
|
|
}
|
|
bDetected = true;
|
|
|
|
if (!PE.isSectionNamePresentExp(/^(peb|PEB)undle$/)) {
|
|
sOptions = "modified";
|
|
}
|
|
}
|
|
|
|
return result();
|
|
} |