mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
20 lines
No EOL
746 B
JavaScript
20 lines
No EOL
746 B
JavaScript
// Detect It Easy: detection rule file
|
|
// Author: Arjan Onwezen
|
|
|
|
init("format", "Registry file");
|
|
|
|
function detect() {
|
|
if (Binary.compare("'REGEDIT4'0D 0A 0D 0A")) {
|
|
bDetected = true;
|
|
sVersion = "v4"
|
|
} else if (Binary.compare("'Windows Registry Editor Version 5.00'0D 0A 0D 0A")) {
|
|
bDetected = true;
|
|
sVersion = "v5"
|
|
} else if (Binary.compare("FF FE 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 52 00 65 00 67 00 69 00 73 00 74 00 72 00 79 00 20 00 45 00 64 00 69 00 74 00 6F 00 72 00 20 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 20 00 35 00 2E 00 30 00 30 00 0D 00 0A 00 0D 00 0A 00")) {
|
|
bDetected = true;
|
|
sVersion = "v5"
|
|
sOption("UTF-16LE");
|
|
}
|
|
|
|
return result();
|
|
} |