Detect-It-Easy/db/PE/WinImage.1.sg

// Detect It Easy: detection rule file
// Author: hypn0 <hypn0@mail.ru>

init("sfx", "WinImage");

function detect() {
    if (PE.compareEP("64a1........558bec6a..68........68........50a1........648925........8b0d........83ec..89018b15")) {
        if (PE.compareOverlay("'RsDl'")) {
            sOptions = "1998 by Gilles Vollant";
            bDetected = true;
        }
    }

    return result();
}