mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity
Detect-It-Easy/db/MSDOS/WWPACK.2.sg
DosX 90fc9474d7 -
2024-11-12 20:11:38 +03:00

89 lines
No EOL
4.1 KiB
JavaScript
Executable file
Raw Blame History

// Detect It Easy: detection rule file
init("packer", "WWPACK");
function detect() {
if (MSDOS.compare("'WWP'", 0x1c)) {
if (MSDOS.compareEP("B8....8CCA03D08CC981C1....51")) {
if (MSDOS.compareEP("6A..06068CD383....536A..FC", 14)) {
sVersion = "3.00";
sOptions = "Extractable";
} else if (MSDOS.compareEP("33C9B1..510606BB....538CD3", 14)) {
sVersion = "3.02";
sOptions = "Extractable";
} else if (MSDOS.compareEP("BB....53", 20)) {
sVersion = "3.03";
} else if (MSDOS.compareEP("B1..518CD3", 20)) {
sVersion = "3.05c4";
sOptions = "Modified";
}
} else if (MSDOS.compareEP("BE....BA....BF....B9....8CCD8EDD81ED....06068BDD2BDA8BD3FC")) {
sVersion = "3.00";
sOptions = "Relocations pack";
} else if (MSDOS.compareEP("BE....BF....B9....8CCD81ED....8BDD81EB....8BD3FCFA1E8EDB011533C02EAC")) {
sVersion = "3.02";
sOptions = "Relocations pack";
} else if (MSDOS.compareEP("0305....B8....8CCA03D08CC981C1....51B9....510606B1..518CD3")) {
sVersion = "3.05c4";
if (MSDOS.compareEP("1A", 3)) {
sOptions = "Extractable";
} else if (MSDOS.compareEP("1B", 3)) {
sOptions = "Unextractable";
}
if (MSDOS.compareEP("C0", 2)) {
sOptions = sOptions.append("Password check", "Virus shield");
} else if (MSDOS.compareEP("80", 2)) {
sOptions = sOptions.append("Password check");
} else if (MSDOS.compareEP("40", 2)) {
sOptions = sOptions.append("Virus shield");
}
}
bDetected = true;
} else if (MSDOS.compareEP("BE....BF....B9....8CCD81ED....8BDD81EB....8BD3FCFA")) {
sVersion = "3.04/3.05";
sOptions = "Relocations pack";
bDetected = true;
} else if (MSDOS.compareEP("b8....8cca03d08cc981c1....51b9....510606b1..518cd383eb..53b1")) {
sVersion = "3.05beta P";
bDetected = true;
} else if (MSDOS.compareEP("b8....8cca03d08cc981c1....51b9....510606fc8cd5b1..51b1..8cd3")) {
sVersion = "3.0x P";
bDetected = true;
} else if (MSDOS.compareEP("b8....8cca03d08cc981c1....51b9....510606b1..51fc8cd5b1..8cd3")) {
sVersion = "3.0x P";
bDetected = true;
} else if (MSDOS.compareEP("b8....8cca03d08cc981c1....51b9....510606bb....538cd383eb..53b1")) {
sVersion = "3.03 PU";
bDetected = true;
} else if (MSDOS.compareEP("b8....8cca03d08cc981c1....5133c9b1..510606bb....538cd383eb..53b1")) {
sVersion = "3.02, 3.02a P";
bDetected = true;
} else if (MSDOS.compareEP("b8....8cca03d0fc8cd58cc981c1....51b9....510606b1..51b1..8cd383eb..53514d")) {
sVersion = "3.04 PR";
sOptions = "Relocations pack";
bDetected = true;
} else if (MSDOS.compareEP("fa1e8ed8b8....cd218ed98bd3b8....cd211fe800005a83c2..87d4ffe4")) {
sVersion = "3.05 PU";
bDetected = true;
} else if (MSDOS.compareEP("b8....8cca03d08cc981c1....516a..06068cd383eb..536a..fc8cd5be....33ff")) {
sVersion = "3.0 P";
bDetected = true;
} else if (MSDOS.compareEP("be....ba....bf....b9....8ccd8edd81ed....06068bdd2bda8bd3fc8ec3")) {
sVersion = "3.0";
sOptions = "Relocations pack";
bDetected = true;
} else if (MSDOS.compareEP("ba....faf9............72..0633c98ec1bf....ab8bc6ab07e8....5a")) {
sVersion = "3.03 PU";
sOptions = "Relocations pack modified";
bDetected = true;
} else if (MSDOS.compareEP("faba....f8bb....b9....73..0633c98ec1bf....ab8bc6ab07e8....5a")) {
sVersion = "3.03 PU";
sOptions = "Relocations pack";
bDetected = true;
} else if (MSDOS.compareEP("b8....8cca03d08ccd81c5....55b9....510606b1..518cd383eb..53b1..51fc8cd5be....33ff")) {
sVersion = "3.05c PU";
bDetected = true;
}
return result();
}
Reference in a new issue View git blame Copy permalink