Detect-It-Easy/db/MSDOS/NTShell.2.sg

// Detect It Easy: detection rule file
// Author: hypn0 <hypn0@mail.ru>

init("protector", "NTShell");

function detect() {
    if (MSDOS.compareEP("2e8c1e....8cca8eda8ec2fa8ed2bc....fbe80000eb$$b9....5e8bfeeb")) {
        sVersion = "4.0";
        sOptions = "by Mr. ZhouHui";
        bDetected = true;
    } else if (MSDOS.compareEP("2e8c06....8cc88ed8fa8ed0bc....fbff36....268b1e....8ec333ffb9")) {
        sVersion = "2.01";
        sOptions = "by Mr. ZhouHui";
        bDetected = true;
    }

    return result();
}