Detect-It-Easy/db/PE/ElecKey.2.sg

// Detect It Easy: detection rule file
// 2022.04.16 2.00.X version Thanks: A.S.L. <asl@onet.eu>

init("protector", "ElecKey");

function detect() {
    if (PE.isNET()) {
        if (PE.isSignatureInSectionPresent(0, "83c42068........68........c744240800000000ff15........50ff15........85c0a3")) {
            sOptions = "AnyCPU";
            bDetected = true;
        } else if (PE.isSignatureInSectionPresent(0, "488b0dd2be01006641b83200488d917b070000ff15a040010033c9ff15b8400100488b")) {
            sOptions = "x64";
            bDetected = true;
        }
    }

    if (!bDetected) {
        // 2.00.X
        if (PE.isPEPlus()) {
            if (PE.compareEP("41504151515257535556E8000000005B48B8................482BD8488BEB")) {
                sVersion = "2.00.X";
                bDetected = true;
            }
        } else {
            if (PE.compareEP("515257535556E8000000005BB8........2BD8")) {
                sVersion = "2.00.X";
                bDetected = true;
            }
        }
    }

    return result();
}