mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
Detection rule files were renamed and reorganized to use more descriptive prefixes (e.g., compiler_, packer_, sfx_, etc.) for improved clarity and maintainability. Minor code formatting changes were made to some files, and a new detection rule for IBM VisualAge PL/I was added.
// Detect It Easy: detection rule file
// Author: A.S.L. <asl@onet.eu> 2019.10.20
// Declares what this rule reports on a match: type "protector", name "Photo Compiler".
meta("protector", "Photo Compiler");
/**
 * Flags a PE file as Photo Compiler output when three static markers agree.
 *
 * The checks are chained with && so they run in a fixed order and stop at
 * the first miss:
 *   1. entry-point bytes 55 8B EC 83 C4 F0 B8
 *      (x86: push ebp; mov ebp, esp; add esp, -10h; mov eax, imm32),
 *   2. the overlay matches the text 'PK',
 *   3. the text 'PhotoCompiler.Runtime' is present in section 0.
 *
 * NOTE(review): 'PK' is also the ZIP local-header magic, so the overlay is
 * presumably an appended archive - confirm on a sample before relying on it.
 * All three markers are plain byte/string matches: a hit is a triage label,
 * not proof of origin, because such markers can be planted or stripped.
 *
 * @returns the value produced by the engine-provided result().
 */
function detect() {
    if (
        PE.compareEP("558bEC83C4F0B8") &&
        PE.compareOverlay("'PK'") &&
        PE.isSignatureInSectionPresent(0, "'PhotoCompiler.Runtime'")
    ) {
        // bDetected is not declared in this file; presumably an engine global
        // that result() reads - confirm against the rule framework.
        bDetected = true;
    }

    return result();
}