Detect-It-Easy/db/PE/BitShape_PE_Crypt.2.sg

// Detect It Easy: detection rule file

init("protector", "BitShape PE Crypt");

function detect() {
    if (PE.compareEP("60E8000000005D81ED........B97B0900008DBD........8BF7AC")) {
        sVersion = "1.5";
        bDetected = true;
    } else if (PE.compareEP("E8000000005B83EB05EB04'RND!'EB02CD20EB")) {
        sVersion = "1.0/1.01/1.02";
        bDetected = true;
    }

    return result();
}