| Rule | Description | Offset | Data | Tags |
|---|---|---|---|---|
Contains_PE_File |
Detect a PE file inside a byte sequence | 0x0 |
"MZ" |
[] |
maldoc_function_prolog_signature |
0x1454 |
"U\x8b\xec\x81\xec" |
[] | |
maldoc_structured_exception_handling |
0x5a55 |
"d\xa1\x00\x00\x00\x00" |
[] | |
maldoc_suspicious_strings |
0x67ec |
"CloseHandle" |
[] | |
PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ |
[dUP v2.x Patcher --> www.diablo2oo2.cjb.net] | 0x4e |
"This program cannot be ru" |
[] |
PEiD_00729_Free_Pascal_1_06_ |
[Free Pascal 1.06] | 0x3a12 |
"\xc6\x05\xc0\x84@\x00O\xe8k\x04\x00\x00" |
[] |
PEiD_01101_Microsoft_Visual_C___v5_0_v6_0__MFC__ |
[Microsoft Visual C++ v5.0/v6.0 (MFC)] | 0x5a46 |
"U\x8b\xecj\xffh b@\x00h\xc6[@\x00d\xa1\x00\x00\x00\x00P" |
[] |
PEiD_01108_Microsoft_Visual_C___v6_0_ |
[Microsoft Visual C++ v6.0] | 0x5a46 |
"U\x8b\xecj\xffh b@\x00h\xc6[@\x00d\xa1\x00\x00\x00\x00Pd\x89%" |
[] |
PEiD_01110_Microsoft_Visual_C___v6_0_ |
[Microsoft Visual C++ v6.0] | 0x5a46 |
"U\x8b\xecj\xffh b@\x00h\xc6[@\x00d\xa1\x00\x00\x00\x00Pd\x89%" |
[] |
PEiD_01125_Microsoft_Visual_C___ |
[Microsoft Visual C++] | 0x5a46 |
"U\x8b\xecj\xffh b@\x00h\xc6[@\x00d\xa1\x00\x00\x00\x00Pd\x89%" |
[] |
_dUP_v2x_Patcher__wwwdiablo2oo2cjbnet_ |
dUP v2.x Patcher --> www.diablo2oo2.cjb.net | 0x4e |
"This program cannot be ru" |
[] |
_Microsoft_Visual_Cpp_ |
Microsoft Visual C++ | 0x5a46 |
"U\x8b\xecj\xffh b@\x00h\xc6[@\x00d\xa1\x00\x00\x00\x00Pd\x89%" |
[] |
_Free_Pascal_v106_ |
Free Pascal v1.06 | 0x3a12 |
"\xc6\x05\xc0\x84@\x00O\xe8k\x04\x00\x00" |
[] |
_Microsoft_Visual_Cpp_v60_ |
Microsoft Visual C++ v6.0 | 0x5a46 |
"U\x8b\xecj\xffh b@\x00h\xc6[@\x00d\xa1\x00\x00\x00\x00Pd\x89%" |
[] |
_Microsoft_Visual_Cpp_v50v60_MFC_ |
Microsoft Visual C++ v5.0/v6.0 (MFC) | 0x5a46 |
"U\x8b\xecj\xffh b@\x00h\xc6[@\x00d\xa1\x00\x00\x00\x00P" |
[] |
NOTE: Data truncated to 25 characters
- No Matches Found