mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
16 lines
No EOL
505 B
JavaScript
16 lines
No EOL
505 B
JavaScript
// Detect It Easy: detection rule file
|
|
// Author: hypn0 <hypn0@mail.ru>
|
|
|
|
init("protector", "Ste@lth PE");
|
|
|
|
function detect() {
|
|
if (PE.findSignature(PE.getSize() - 0x40, 0x40, "ba........b8........8902424242b8........89024a4a4affd2") != -1) {
|
|
sVersion = "2.x";
|
|
bDetected = true;
|
|
} else if (PE.findSignature(PE.getSize() - 0x40, 0x40, "b8........ba........8910404040ba........891048484850c3") != -1) {
|
|
sVersion = "2.x";
|
|
bDetected = true;
|
|
}
|
|
|
|
return result();
|
|
} |