Detect-It-Easy/db/PE/CodeCrypt.2.sg

// Detect It Easy: detection rule file

init("protector", "CodeCrypt");

function detect() {
    if (PE.compareEP("E9........EB02833D58EB02FF1D5BEB020FC75F")) {
        switch (PE.readDword(PE.nEP + 1)) {
            case 0x2c5:
                sVersion = "0.14b";
                break;
            case 0x331:
                sVersion = "0.15b";
                break;
            case 0x32e:
                sVersion = (PE.compareEP("EB03FF1D34", 20)) ? "0.164" : "0.16b-0.163b";
        }
        bDetected = true;
    }

    return result();
}