[PR #347] [MERGED] Improve Hexalock detection slightly #507

New Issue

Closed

opened 2026-01-29 21:08:43 +00:00 by claunia · 0 comments

claunia commented 2026-01-29 21:08:43 +00:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/SabreTools/BinaryObjectScanner/pull/347
Author: @HeroponRikiBestest
Created: 12/29/2024
Status: ✅ Merged
Merged: 12/29/2024
Merged by: @mnadareski

Base: master ← Head: master

---

📝 Commits (4)

• 8550852 Improve Hexalock detection via checking different known sections for mfint.dll
• bdfb420 Add sabre's suggestion
• 8073254 Add extra check for instances in UPX executables.
• e157c71 Add newlines between if blocks.

📊 Changes

1 file changed (+19 additions, -1 deletions)

View changed files

📝 BinaryObjectScanner/Protection/HexalockAutoLock.cs (+19 -1)

📄 Description

My hexalock disc has mfint.dll in a different section of PE. This PR causes it to be detected where it wasn't before. Some of Morlit's discs also weren't detecting, likely for similar reasons, but I have still yet to get to those.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/SabreTools/BinaryObjectScanner/pull/347 **Author:** [@HeroponRikiBestest](https://github.com/HeroponRikiBestest) **Created:** 12/29/2024 **Status:** ✅ Merged **Merged:** 12/29/2024 **Merged by:** [@mnadareski](https://github.com/mnadareski) **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (4) - [`8550852`](https://github.com/SabreTools/BinaryObjectScanner/commit/8550852d82bec0cb7f8fd8d054d5be1d8595f190) Improve Hexalock detection via checking different known sections for mfint.dll - [`bdfb420`](https://github.com/SabreTools/BinaryObjectScanner/commit/bdfb4203ec57ccd3f8e915799749e9bfd2e5d486) Add sabre's suggestion - [`8073254`](https://github.com/SabreTools/BinaryObjectScanner/commit/8073254866cefa22533493bd2d3868713242de40) Add extra check for instances in UPX executables. - [`e157c71`](https://github.com/SabreTools/BinaryObjectScanner/commit/e157c71acaa6d8727f5b94cdb10aac83968f31fe) Add newlines between if blocks. ### 📊 Changes **1 file changed** (+19 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `BinaryObjectScanner/Protection/HexalockAutoLock.cs` (+19 -1) </details> ### 📄 Description My hexalock disc has mfint.dll in a different section of PE. This PR causes it to be detected where it wasn't before. Some of Morlit's discs also weren't detecting, likely for similar reasons, but I have still yet to get to those. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

claunia added the pull-request label 2026-01-29 21:08:43 +00:00

claunia closed this issue 2026-01-29 21:08:44 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

rolling

3.5.0

3.4.6

3.4.5

3.4.4

3.4.3

3.4.2

3.4.1

3.4.0

3.3.4

3.3.3

3.3.2

3.3.1

3.3.0

3.2.3

3.2.2

3.2.1

3.2.0

3.1.16

3.1.15

3.1.14

3.1.13

3.1.12

3.1.11

3.1.10

3.1.9

3.1.8

3.1.7

3.1.6

3.1.5

3.1.4

3.1.3

3.1.2

3.1.1

3.1.0

3.0.2

3.0.1

3.0.0

2.9.0

2.8.0

2.7.0

2.6.0

2.5.0

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.1.0

2.0.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.1

1.5.0

1.4.1

1.4.0

1.03.9.1

1.03.9

1.03.8.2

1.03.8.1

1.03.8.0

1.03.7.1

1.03.5

1.03.7

1.03.6

Labels

Clear labels

bug

enhancement

help wanted

pull-request

Mirrored from GitHub Pull Request

question

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SabreTools/BinaryObjectScanner#507