mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
25 lines
No EOL
697 B
JavaScript
25 lines
No EOL
697 B
JavaScript
// Detect It Easy: detection rule file
|
|
|
|
// Author: DosX
|
|
// E-Mail: collab@kay-software.ru
|
|
// GitHub: https://github.com/DosX-dev
|
|
// Telegram: @DosX_dev
|
|
|
|
// https://github.com/ZermangoLove/OneVM-Source-Code
|
|
init("protector", "OneVM");
|
|
|
|
function detect() {
|
|
if (PE.isNET() &&
|
|
PE.isNetObjectPresent("Koi") &&
|
|
PE.isNetObjectPresent("OneVM.Runtime") &&
|
|
PE.isSignatureInSectionPresent(0, "72 .. .. .. .. 73 .. .. .. .. 7A") && // throw
|
|
PE.isSignatureInSectionPresent(0, "%% 00 %% %% %% %% %% %% %% %% 00 %%")) {
|
|
bDetected = true;
|
|
|
|
if (PE.isNetUStringPresent("OneVM V2 BETA")) {
|
|
sVersion = "v2, beta";
|
|
}
|
|
}
|
|
|
|
return result();
|
|
} |