mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
39 lines
No EOL
1.3 KiB
JavaScript
Executable file
39 lines
No EOL
1.3 KiB
JavaScript
Executable file
// Detect It Easy: detection rule file
|
|
|
|
init("cryptor", "RCryptor");
|
|
|
|
function detect() {
|
|
if (PE.compareEP("90589050908B00903C5090580F8567D6EF115068")) {
|
|
sVersion = "1.??";
|
|
bDetected = true;
|
|
} else if (PE.compareEP("8B042483E84F68........FFD0")) {
|
|
sVersion = "1.1";
|
|
bDetected = true;
|
|
} else if (PE.compareEP("558BEC8B44240483E84F68........FFD0585950")) {
|
|
sVersion = "1.3/1.4";
|
|
bDetected = true;
|
|
} else if (PE.compareEP("6183EF4F6068........FFD7")) {
|
|
sVersion = "1.3b";
|
|
bDetected = true;
|
|
} else if (PE.compareEP("832C244F68........FF542404834424044F")) {
|
|
sVersion = "1.5";
|
|
bDetected = true;
|
|
} else if (PE.compareEP("33D068........FFD2")) {
|
|
sVersion = "1.6";
|
|
bDetected = true;
|
|
} else if (PE.compareEP("8BC70304242BC78038500F851B8B1FFF68")) {
|
|
sVersion = "1.6b/1.6c";
|
|
bDetected = true;
|
|
} else if (PE.compareEP("60906161807FF04590600F851B8B1FFF68")) {
|
|
sVersion = "1.6d";
|
|
bDetected = true;
|
|
} else if (PE.compareEP("F7D183F1FF6A00F7D183F1FF810424........F7D183F1FF")) {
|
|
if (PE.compareEP("E8", 24)) {
|
|
sOptions = "Hide EP";
|
|
}
|
|
sVersion = "2.0";
|
|
bDetected = true;
|
|
}
|
|
|
|
return result();
|
|
} |