mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
37 lines
No EOL
1.3 KiB
JavaScript
Executable file
37 lines
No EOL
1.3 KiB
JavaScript
Executable file
// Detect It Easy: detection rule file
|
|
// Author: hypn0 <hypn0@mail.ru>
|
|
|
|
init("protector", "Secure");
|
|
|
|
function detect() {
|
|
if (MSDOS.compareEP("8CC805....50B8....50B0..068CD20683....50B0..52FC508CD28CCDBB....03EB4A8EDD8EC24DB9....33FFBE....AD35....ABE2")) {
|
|
sVersion = "2.1b";
|
|
bDetected = true;
|
|
}
|
|
// else if(MSDOS.compareEP("e8$$$$9083f3..f972..0f6b5b..50b8....58eb$$eb$$b9....3e8336......f972"))
|
|
// {
|
|
// sVersion="0.19";
|
|
// bDetected=1;
|
|
// }
|
|
else if (MSDOS.compareEP("8CC805....50B8....50CB")) {
|
|
sVersion = "2.1b";
|
|
bDetected = true;
|
|
}
|
|
// else if(MSDOS.compareEP("e8$$$$f972......5b3bd453f972......b9....2e8037..43e2"))
|
|
// {
|
|
// sVersion="0.19";
|
|
// bDetected=1;
|
|
// }
|
|
else if (MSDOS.compareEP("e8$$$$fa4c904c81f3....56be....5eeb$$eb$$81f3....444490fb5bf7c2....eb$$53b9....eb")) {
|
|
sVersion = "0.29";
|
|
bDetected = true;
|
|
} else if (MSDOS.compareEP("e8")) {
|
|
var offset = MSDOS.readWord(MSDOS.getEntryPointOffset() + 1) + MSDOS.getEntryPointOffset() + 3;
|
|
if (MSDOS.findSignature(offset, MSDOS.getSize() - offset, "2e8037..43e2f9") != -1) {
|
|
sVersion = "0.19";
|
|
bDetected = true;
|
|
}
|
|
}
|
|
|
|
return result();
|
|
} |