horsicq / Detect-It-Easy

Program for determining types of files for Windows, Linux and MacOS.
http://ntinfo.biz
MIT License
7.37k stars 716 forks

Eziriz .NET Reactor is no longer detected since version 3.06 #182

Closed ClaudioWayne closed 9 months ago

ClaudioWayne commented 10 months ago

Hi,

I have noticed that Eziriz .NET Reactor (6.x.x.x) is no longer detected since version 3.06. It seems that the rule that detects the Eziriz .NET Reactor (Dot Net Reactor.2.sg) has completely disappeared from the repo.

Sample I have tested: sha256: 45dc4518fbf43bf4611446159f72cdbc37641707bb924bd2a52644a3af5bab76

References:
https://www.youtube.com/watch?v=3t9BEdA4ch8&list=RDCMUCVFXrUwuWxNlm6UNZtBLJ-A&start_radio=1
https://malshare.com/sample.php?action=detail&hash=45dc4518fbf43bf4611446159f72cdbc37641707bb924bd2a52644a3af5bab76

I am unsure whether we should go back to 3.05 if it is mainly about analyzing .NET samples. Why was the rule removed?

Maybe it is possible to improve the rule based on this sample.

horsicq commented 10 months ago

Hello! Thank you for the report! The next version of DiE will come with new detections for .NET protectors. You could try the beta version: https://github.com/horsicq/Detect-It-Easy/releases/tag/Beta

horsicq commented 9 months ago

https://github.com/horsicq/DIE-engine/releases/tag/3.09