Detect-It-Easy/db/PE/Microsoft_Class_Installer.1.sg

// Detect It Easy: detection rule file
// Author: hypn0 <hypn0@mail.ru>

init("installer", "Microsoft Class Installer for Java");

function detect() {
    if (PE.compareEP("64A1........558BEC6A..68........68........50648925........83EC..5356578965..FF15")) {
        for (var i = 0; i < PE.resource.length; i++) {
            if (PE.resource[i].Type == 280) //ZIP
            {
                if (PE.compare("'PK'0304", PE.resource[i].Offset)) {
                    sVersion = "4.x";
                    sOptions = "zip";
                    bDetected = true;
                    break;
                }
            }
        }
    }

    return result();
}