Detect-It-Easy/db/COM/SDW.2.sg

// Detect It Easy: detection rule file
// Author: hypn0 <hypn0@mail.ru>

init("cryptor", "Shadow Com Cryptor (SDW)");

function detect() {
    if (Binary.compare("e9$$$$545b3bdc75..eb$$9c5b81cb....539d9c5825....75..e8")) {
        sVersion = "1.7x";
        sOptions = "by MANtiC0RE";
        bDetected = true;
    } else if (Binary.compare("e9$$$$545b3bdc75..eb$$9c5b81cb....539d9c5825....74..50584c4c5b33c3")) {
        sVersion = "1.78";
        sOptions = "by MANtiC0RE";
        bDetected = true;
    } else if (Binary.compare("e9$$$$ac2d....04..89c5e8....f514..f9362633f6")) {
        sVersion = "1.79";
        sOptions = "by MANtiC0RE";
        bDetected = true;
    } else if (Binary.compare("e9$$$$e9$$$$e4..e8....e4..e9$$$$26fb78")) {
        sVersion = "1.7";
        sOptions = "by MANtiC0RE";
        bDetected = true;
    } else if (Binary.compare("b8....bd....2e8a76..80f6..80ee..2e8876..83c5..4874..eb")) {
        sVersion = "1.80";
        sOptions = "by MANtiC0RE";
        bDetected = true;
    } else if (Binary.compare("be....31d281c2....2e8034..83ee..83c2..74..31c005....50c3")) {
        sVersion = "1.80";
        sOptions = "by MANtiC0RE";
        bDetected = true;
    }

    return result();
}