mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
dc2a925b3d
Renamed PE rule files to use a consistent naming convention with prefixes indicating their type (e.g., compiler_, packer_, installer_, etc.). Also updated file permissions to 100644 where needed and made minor whitespace-only changes to some files for consistency. This improves maintainability and clarity of the signature database.
18 lines
No EOL
699 B
JavaScript
18 lines
No EOL
699 B
JavaScript
// Detect It Easy: detection rule file
|
|
// Author: hypn0 <hypn0@mail.ru>
|
|
|
|
// https://www.softwarekey.com/blog/softwarekey-system-releases/protection-plus-4-6-0-8-and-instant-plus-3-2-0-4-released/
|
|
meta("protector", "Protection Plus");
|
|
|
|
function detect() {
|
|
if (PE.compareEP("506029c064ff30e8........5d83ed..89e889a5........2b85........8985........8d85........508b0085c00f85")) {
|
|
sVersion = "4.X";
|
|
bDetected = true;
|
|
} else if (PE.isImportPositionHashPresent(0, 0x174efb84) && PE.compare("'{4A6E2EB8-0392-4258-9C91-65BB5FF8F1F9}'", PE.getEntryPointOffset() - 0x27)) {
|
|
sName += " Wrapper";
|
|
sVersion = "4.6+";
|
|
bDetected = true;
|
|
}
|
|
|
|
return result();
|
|
} |