mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-07-09 02:16:46 +00:00
Add GkWare SFX detection (fixes #97)
This commit is contained in:
27
BinaryObjectScanner/Packer/GkWareSFX.cs
Normal file
27
BinaryObjectScanner/Packer/GkWareSFX.cs
Normal file
@@ -0,0 +1,27 @@
|
||||
using BinaryObjectScanner.Interfaces;
|
||||
using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
/// <summary>
|
||||
/// GkWare Self-Extracting installer
|
||||
/// </summary>
|
||||
public class GkWareSFX : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// <see href="https://www.virustotal.com/gui/file/867726b7afc1b2343651497bbbe35618f781bb82491a2a768922117c44a897d3/details"/>
|
||||
var name = pex.FileDescription;
|
||||
if (name.OptionalContains("GkWare Self extractor"))
|
||||
return "GkWare SFX";
|
||||
|
||||
// <see href="https://www.virustotal.com/gui/file/867726b7afc1b2343651497bbbe35618f781bb82491a2a768922117c44a897d3/details"/>
|
||||
name = pex.ProductName;
|
||||
if (name.OptionalContains("GkWare Self extractor"))
|
||||
return "GkWare SFX";
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -153,6 +153,7 @@ Below is a list of executable packers detected by BinaryObjectScanner. The three
|
||||
| Embedded File | Yes | No | Yes | Not technically a packer |
|
||||
| EXE Stealth | Yes | No | No | |
|
||||
| Gentee Installer | Yes | No | No | |
|
||||
| GkWare SFX | Yes | No | No | |
|
||||
| HyperTech CrackProof | Yes | No | No | |
|
||||
| Inno Setup | Yes | No | No | |
|
||||
| InstallAnywhere | Yes | No | No | |
|
||||
|
||||
Reference in New Issue
Block a user