Detect-It-Easy/db/PE/Smart_Assembly.2.sg

// Detect It Easy: detection rule file

init("protector", "Smart Assembly");

function detect() {
    if (PE.isNET()) {
        if (PE.isSignatureInSectionPresent(0, "20ffffff005f175920ffff0000")) {
            sVersion = "3.X";
            bDetected = true;
        } else if (PE.isNetObjectPresent("Powered by {smartassembly}")) {
            sVersion = "1.X-4.X";
            bDetected = true;
        } else if (PE.isNetObjectPresent("Powered by SmartAssembly")) {
            sVersion = "5.X";
            bDetected = true;
        } else if (PE.isNetObjectPresent("SmartAssembly.Attributes")) {
            bDetected = true;
        } else if ((nOffset = PE.findString(PE.section[0].FileOffset,
                PE.section[0].FileSize,
                "Powered by SmartAssembly ")) != -1) {
            sVersion = PE.getString(nOffset + 25);
            bDetected = true;
        } else {
            var nEPSection = PE.getEntryPointSection();
            if (nEPSection != -1) {
                if ((nOffset = PE.findString(PE.section[nEPSection].FileOffset,
                        PE.section[nEPSection].FileSize,
                        "Powered by {smartassembly}")) != -1) {
                    bDetected = true;
                }
            }
        }
    }

    return result();
}