Detect-It-Easy/db_extra/PE/protector_ARM_Protector.2.sg

// Detect It Easy: detection rule file

meta("protector", "ARM Protector");

function detect() {
    if (PE.compareEP("E8040000008360EB0C5DEB05")) {
        switch (PE.readDword(PE.nEP + 42)) {
            case 0xAB3: sVersion = "0.5"; break;
            case 0xBA1: sVersion = "0.6"; break;
            default:
                sVersion = "0.1b-0.3b";
        }
        bDetected = true;
    }

    return result();
}