mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
65 lines
No EOL
2.7 KiB
JavaScript
Executable file
65 lines
No EOL
2.7 KiB
JavaScript
Executable file
// Detect It Easy: detection rule file
|
|
// Author: hypn0 <hypn0@mail.ru>
|
|
|
|
init("protector", "RSCC");
|
|
|
|
function detect() {
|
|
if (Binary.compare("b1..32ff82c7..b2..b5..b3..81c2....d0c203d133d1f7d232d13097")) {
|
|
sVersion = "1.03";
|
|
bDetected = true;
|
|
} else if (Binary.compare("....82........81......32..80....2b..81")) {
|
|
sVersion = "1.04";
|
|
bDetected = true;
|
|
} else if (Binary.compare("....80........81......30..80....30..80")) {
|
|
sVersion = "1.04";
|
|
bDetected = true;
|
|
} else if (Binary.compare("32ed80c5..b2..b6..29ff81cf....32c980")) {
|
|
sVersion = "1.04";
|
|
bDetected = true;
|
|
} else if (Binary.compare("29ff81f7....33d281f2....31c981c9....f81015a64975..fa53f889ea8944")) {
|
|
sVersion = "1.04";
|
|
bDetected = true;
|
|
} else if (Binary.compare("2aed80cd..28c982c1..2ad282ca..bb....81c2....f7da03d102d128174383")) {
|
|
sVersion = "1.04";
|
|
bDetected = true;
|
|
} else if (Binary.compare("28ed82cd..2aff82cf..32db80f3..b1..33c081c0....05....d0c033c1f7d002c1f83187")) {
|
|
sVersion = "1.04";
|
|
bDetected = true;
|
|
} else if (Binary.compare("30c982f1..29d281ca....be....32ed82f5..81c2....d0c2f7da33d1")) {
|
|
sVersion = "1.03";
|
|
bDetected = true;
|
|
} else if (Binary.compare("32ff82c7..b3..30ed80c5..b1..f88197........4343e2")) {
|
|
sVersion = "1.03";
|
|
bDetected = true;
|
|
} else if (Binary.compare("f5bb....b8....bf....2e8037..81ff....4374..4875..90b5..1f9b")) {
|
|
sVersion = "1.20";
|
|
bDetected = true;
|
|
} else if (Binary.compare("33d281f2....2bdb81f3....b9....3197....83c3..497f..2a142cca3aca")) {
|
|
sVersion = "1.04";
|
|
bDetected = true;
|
|
} else if (Binary.compare("2bc981c1....29d281f2....33db81c3....81c2....291783c3..497f..ab")) {
|
|
sVersion = "1.03";
|
|
bDetected = true;
|
|
} else if (Binary.compare("b9....2bdb81cb....f880b7......434975..55fc532245..ef57f9")) {
|
|
sVersion = "1.03";
|
|
bDetected = true;
|
|
} else if (Binary.compare("bf....8bf7b9....b4..8a0532c480c4..aae2")) {
|
|
sVersion = "1.0x";
|
|
sOptions = "mutated COM like RSCC";
|
|
bDetected = true;
|
|
} else if (Binary.compare("b9....be....8bfeadd1c034..86c42ae003c7abe2")) {
|
|
sVersion = "1.0x";
|
|
sOptions = "mutated COM like RSCC";
|
|
bDetected = true;
|
|
} else if (Binary.compare("fc50be....bf....57b9....f3a4c3")) {
|
|
sVersion = "1.0x";
|
|
sOptions = "mutated COM like RSCC";
|
|
bDetected = true;
|
|
} else if (Binary.compare("eb$$fcbe....bf....57b9....f3a4bf....be....b9....c3")) {
|
|
sVersion = "1.0x";
|
|
sOptions = "mutated COM like RSCC";
|
|
bDetected = true;
|
|
}
|
|
|
|
return result();
|
|
} |