Detect-It-Easy/db/PE/HackShield.2.sg

// Detect It Easy: detection rule file

init("protector", "HackShield");

function detect() {
    var nImportSection = PE.getImportSection();
    if (nImportSection != 0) {
        var nOffset = PE.section[nImportSection].FileOffset;
        var nSize = PE.section[nImportSection].FileSize;
        nSize = Math.min(nSize, 0x2048);
        if (PE.findString(nOffset, nSize, "TerminateHackShield") != -1) {
            bDetected = true;
        }
    }

    return result();
}