Detect-It-Easy/db/PE/protector_SpicesNet.2.sg
DosX dc2a925b3d Rename and reorganize PE rule files
Renamed PE rule files to use a consistent naming convention with prefixes indicating their type (e.g., compiler_, packer_, installer_, etc.). Also updated file permissions to 100644 where needed and made minor whitespace-only changes to some files for consistency. This improves maintainability and clarity of the signature database.
2026-01-25 11:00:27 +03:00


// Detect It Easy: detection rule file
// 25.11.2018 added 5.X Version - A.S.L - asl@onet.eu
// Declares this rule to the script host: presumably the first argument is the
// result category ("protector") and the second the product name reported on a
// match ("Spices.Net"). NOTE(review): meta() is not defined in this file; confirm
// the argument meaning against the Detect It Easy script API.
meta("protector", "Spices.Net");
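/**
 * Detects the 9Rays Spices.Net obfuscator in a .NET PE file.
 *
 * Two independent indicators are checked, in this order:
 *   1. The .NET object name "NineRays.Obfuscator". When present, the 512 bytes
 *      immediately before section 1's file offset are also searched for the
 *      evaluation-build banner; a hit sets sOptions to "demo".
 *   2. Only if (1) did not match: the plain-text banner
 *      '9Rays.Net Spices.Net Obfuscator'. DLLs are searched in sections 1 and 0,
 *      other images in section 0 only. A hit sets sVersion to "5.X" (and
 *      sOptions to "DLL" for DLLs).
 *
 * Both indicators are literal strings stored in the file, so a negative result
 * only means the markers are absent, not that the sample is unobfuscated.
 *
 * PE, bDetected, sVersion, sOptions and result() are not defined in this file;
 * presumably they are supplied by the rule host before detect() runs.
 *
 * @returns {*} Whatever result() returns after the globals have been updated.
 */
function detect() {
    if (PE.isNet()) {
        if (PE.isNetObjectPresent("NineRays.Obfuscator")) {
            // The file under analysis is untrusted and may have fewer than two
            // sections. Guard the lookup so a missing section 1 cannot abort the
            // rule with a TypeError and hide the name-based match below.
            var secondSection = PE.section[1];
            if (secondSection && PE.isSignaturePresent(secondSection.FileOffset - 512, 512, "'Built using an evaluation version of 9Rays.Net Spices.Obfuscator.'")) {
                sOptions = "demo";
            }
            bDetected = true;
        }
        if (!bDetected) {
            var spicesSignature = "'9Rays.Net Spices.Net Obfuscator'";
            if (PE.isDll()) {
                if (PE.isSignatureInSectionPresent(1, spicesSignature) || PE.isSignatureInSectionPresent(0, spicesSignature)) {
                    sVersion = "5.X";
                    sOptions = "DLL";
                    bDetected = true;
                }
            } else if (PE.isSignatureInSectionPresent(0, spicesSignature)) {
                // This branch must pair with the isDll() test. Paired with
                // `if (!bDetected)` instead, it would run only after a match had
                // already been made, with spicesSignature still undefined, and
                // non-DLL images would never be searched for the banner.
                sVersion = "5.X";
                bDetected = true;
            }
        }
    }
    return result();
}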