You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: db/PE/MSLRH.2.sg
+5-32
Original file line number
Diff line number
Diff line change
@@ -6,112 +6,85 @@ function detect() {
6
6
if (PE.compareEP("EB033A4D3A1EEB02CD209CEB02CD20EB02CD2060EB02C705EB02CD20E803000000E9EB04584050C3619D1FEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150")) {
7
7
sVersion = "0.32a";
8
8
sOptions = "fake .BJFNT 1.3";
9
-
bDetected = true;
10
9
} else if (PE.compareEP("60E802000000EB095D5581ED39394400C361EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C40458740475")) {
11
10
sVersion = "0.32a";
12
11
sOptions = "fake ASPack 2.11d";
13
-
bDetected = true;
14
12
} else if (PE.compareEP("60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00A002EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003")) {
15
13
sVersion = "0.32a";
16
14
sOptions = "fake ASPack 2.12";
17
-
bDetected = true;
18
15
} else if (PE.compareEP("60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB0073000061EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586B")) {
19
16
sVersion = "0.32a";
20
17
sOptions = "fake ASPack 2.12";
21
-
bDetected = true;
22
18
} else if (PE.compareEP("3BC074028183553BC074028183533BC97401BC563BD27402818557E8000000003BDB74019083C414EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200")) {
23
19
sVersion = "0.32a";
24
20
sOptions = "fake EXE32Pack 1.3x";
25
-
bDetected = true;
26
21
} else if (PE.compareEP("558BEC6AFF68........68........64A1000000005064892500000000648F050000000083C40C5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200")) {
27
22
sVersion = "0.32a";
28
23
sOptions = "fake Microsoft Visual C++";
29
-
bDetected = true;
30
24
} else if (PE.compareEP("558BEC538B5D08568B750C578B7D1085F65F5E5B5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C40458")) {
31
25
sVersion = "0.32a";
32
26
sOptions = "fake MSVC++ 6.0 DLL";
33
-
bDetected = true;
34
27
} else if (PE.compareEP("558BEC538B5D08568B750C5E5B5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C4045874047502EB02EB")) {
35
28
sVersion = "0.32a";
36
29
sOptions = "fake MSVC++ 7.0 DLL Method 3";
37
-
bDetected = true;
38
30
} else if (PE.compareEP("558BEC5657BF010000008B750C85F65F5E5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C40458740475")) {
39
31
sVersion = "0.32a";
40
32
sOptions = "fake MSVC++ DLL Method 4";
41
-
bDetected = true;
42
33
} else if (PE.compareEP("E9A6000000B07B4000786040007C60400000000000B03F000012624000'NeoLite Executable File Compressor\r\nCopyright (c) 1998'2C31")) {
43
34
sVersion = "0.32a";
44
35
sOptions = "fake Neolite 2.0";
45
-
bDetected = true;
46
36
} else if (PE.compareEP("9C60E8000000005DB8B38540002DAC8540002BE88DB5D3FEFFFF8B0683F80074118DB5DFFEFFFF8B0683F8010F84F1010000619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874")) {
47
37
sVersion = "0.32a";
48
38
sOptions = "fake nSPack 1.3";
49
-
bDetected = true;
50
39
} else if (PE.compareEP("FC5550E8000000005DEB01E360E803000000D2EB0B58EB014840EB0135FFE0E761585DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A58")) {
51
40
sVersion = "0.32a";
52
41
sOptions = "fake PC-Guard 4.xx";
53
-
bDetected = true;
54
42
} else if (PE.compareEP("E8000000005B83EB05EB04'RND!'85C07302F70550E808000000EAFF58EB18EB010FEB02CD20EB03EACD205858EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB")) {
55
43
sVersion = "0.32a";
56
44
sOptions = "fake PE Crypt 1.02";
57
-
bDetected = true;
58
45
} else if (PE.compareEP("EB03CD20C71EEB03CD20EA9CEB02EB01EB01EB60EB03CD20EBEB01EBE803000000E9EB04584050C3EB03CD20EBEB03CD2003619D83C404EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83")) {
59
46
sVersion = "0.32a";
60
47
sOptions = "fake PE Lock NT 2.04";
61
-
bDetected = true;
62
48
} else if (PE.compareEP("9C60E80200000033C08BC483C004938BE38B5BFC81EB0730400087DD619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802")) {
63
49
sVersion = "0.32a";
64
50
sOptions = "fake PEBundle 0.2-3.x";
65
-
bDetected = true;
66
51
} else if (PE.compareEP("9C60E80200000033C08BC483C004938BE38B5BFC81EB0730400087DD83BD9C38400001619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200000029")) {
67
52
sVersion = "0.32a";
68
53
sOptions = "fake PEBundle 2.0x-2.4x";
69
-
bDetected = true;
70
54
} else if (PE.compareEP("EB06682EA80000C39C60E80200000033C08BC483C004938BE38B5BFC81EB3F904000619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A")) {
71
55
sVersion = "0.32a";
72
56
sOptions = "fake PECompact 1.4x";
73
-
bDetected = true;
74
57
} else if (PE.compareEP("60E82B000000'\r\n\r\n\r\nRegistAred to: NON-COMMERCIAL!!\r\n\r\n\r'005861EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C4087404")) {
75
58
sVersion = "0.32a";
76
59
sOptions = "fake PESHiELD 0.25";
77
-
bDetected = true;
78
60
} else if (PE.compareEP("B8........6A0068........64FF350000000064892500000000669C605083C40461669D648F050000000083C408EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB")) {
79
61
sVersion = "0.32a";
80
62
sOptions = "fake PEtite 2.1";
81
-
bDetected = true;
82
63
} else if (PE.compareEP("60E801000000E883C404E801000000E95D81EDFF22400061EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83")) {
83
64
sVersion = "0.32a";
84
65
sOptions = "fake PEX 0.99";
85
-
bDetected = true;
86
66
} else if (PE.compareEP("60E8000000005D81ED0600000064A02300000083C50661EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C4")) {
87
67
sVersion = "0.32a";
88
68
sOptions = "fake SVKP 1.11";
89
-
bDetected = true;
90
69
} else if (PE.compareEP("60BE00908B008DBE0080B4FF5783CDFFEB3A9090909090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB730B75198B1E83EEFC11DB7210586190EB05E8EB0440")) {
91
70
sVersion = "0.32a";
92
71
sOptions = "fake UPX 0.89.6-1.02/1.05-1.24";
93
-
bDetected = true;
94
72
} else if (PE.compareEP("53558be833dbeb$$e800000000582d........506033c9505850508be851fd2e2b84..........8bf02e03b4..........8bf8")) {
95
73
sVersion = "0.32a";
96
74
sOptions = "fake WWPack32 1.x";
97
-
bDetected = true;
98
75
} else if (PE.compareEP("60E8000000005D81EDF31D4000B97B0900008DBD3B1E40008BF7AC902C8AC0C078900462EB010061EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200")) {
99
76
sVersion = "0.32a";
100
-
sOptions = "fake yoda's cryptor 1.2";
101
-
bDetected = true;
77
+
sOptions = "fake Yoda's Cryptor 1.2";
102
78
} else if (PE.compareEP("60EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB0181E80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB0181E80A000000E8EB0C0000E8")) {
103
79
sVersion = "0.1-0.2";
104
-
bDetected = true;
105
80
} else if (PE.compareEP("60D1CB0FCAC1CAE0D1CA0FC8EB01F1")) {
106
81
sVersion = "0.31";
107
-
bDetected = true;
108
82
} else if (PE.compareEP("EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB0181E80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003")) {
109
83
sVersion = "0.32a";
110
-
bDetected = true;
111
84
} else if (PE.compareEP("558bec5657bf........8b75..85f65f5e5deb$$eb$$eb$$e8$$$$$$$$e8$$$$$$$$eb$$83c4")) {
0 commit comments