Detect-It-Easy/db/PE/IntelliProtector.2.sg

// Detect It Easy: detection rule file

init("protector", "IntelliProtector");

function detect() {
    var nLastSectionOffset = PE.section[PE.nLastSection].FileOffset;
    if (PE.compare("E9........CC", nLastSectionOffset)) {
        var nLastSectionSize = PE.section[PE.nLastSection].FileSize;
        var nVersionOffset = PE.findString(nLastSectionOffset, nLastSectionSize, "Protected by IntelliProtector");
        if (nVersionOffset != -1) {
            sVersion = PE.getString(nVersionOffset + 30);
            bDetected = true;
        }
    }

    return result();
}