mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
4eebb1c386
Renamed numerous db_extra/PE and db/Binary rule files to use consistent prefixes (e.g., cryptor_, protector_, installer_, etc.) for improved organization and clarity. Minor metadata and whitespace adjustments were made in a few files to match naming conventions.
30 lines
No EOL
835 B
JavaScript
30 lines
No EOL
835 B
JavaScript
// Detect It Easy: detection rule file
|
|
|
|
meta("protector", "EncryptPE");
|
|
|
|
function detect() {
|
|
if (PE.compareEP("609C64FF3500000000E8")) {
|
|
switch (PE.readDword(PE.nEP + 10)) {
|
|
case 0x179:
|
|
sVersion = "1.2003.3.18-1.2003.5.18";
|
|
break;
|
|
case 0x17a:
|
|
sVersion = "2.2004.6.16-2.2006.6.30";
|
|
break;
|
|
case 0x173:
|
|
sVersion = "2.2006.7.10-2.2006.10.25";
|
|
break;
|
|
case 0x21b:
|
|
sVersion = "2.2007.04.11";
|
|
break;
|
|
}
|
|
|
|
bDetected = true;
|
|
}
|
|
// else if (PE.compareEP("807c24....0f85........60be........8dbe........5783cd..eb")) {
|
|
// sOptions = "Delphi file protected";
|
|
// bDetected = true;
|
|
// }
|
|
|
|
return result();
|
|
} |