[findcrypt] Added constants related to the TEA algorithm.

Updated the RICH IDs with the latest Visual Studio build numbers.
JusticeRage · Nov 6, 2018 · dc886b1 · dc886b1
1 parent c0f3ccc
commit dc886b1
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/bin/yara_rules/findcrypt.yara b/bin/yara_rules/findcrypt.yara
@@ -442,3 +442,15 @@ rule Twofish
   condition:
     any of them
 }
+
+rule TEA 
+{
+	meta:
+		description = "Uses constants related to TEA"
+		author = "Ivan Kwiatkowski (@JusticeRage)"
+	strings:
+		$c1 = { B9 79 37 9E }
+		$c2 = { 20 37 EF C6 }
+	condition:
+		all of them
+}
diff --git a/include/manape/nt_values.h b/include/manape/nt_values.h
@@ -107,12 +107,12 @@ DECLSPEC const_shared_strings translate_to_flags(int value, const flag_dict& dic
 /**
  *	@brief	Looks up the flag corresponding to a given value, if any.
  *
- *	@param	int value The integer to translate
+ *	@param	unsigned int value The integer to translate
  *	@param	flag_dict& dict A map containing the list of available flags and corresponding
  *			integer values.
  *
  *	@return	The corresponding flag, or "UNKNOWN" if no match is found.
  */
-DECLSPEC pString translate_to_flag(int value, const flag_dict& dict);
+DECLSPEC pString translate_to_flag(unsigned int value, const flag_dict& dict);
 
 } // !namespace nt
diff --git a/manape/nt_values.cpp b/manape/nt_values.cpp
@@ -662,7 +662,8 @@ const flag_dict COMP_ID_PRODID =
                                 ("VS2017 v15.8.2 compiler 26727",              0x6867)
                                 ("VS2017 v15.8.3 compiler 26728",              0x6868)
                                 ("VS2017 v15.8.4 compiler 26729",              0x6869)
-                                ("VS2017 v15.8.5-7 compiler 26730",            0x686A)
+                                ("VS2017 v15.8.5-8 compiler 26730",            0x686A)
+                                ("VS2017 v15.8.9 compiler 26732",              0x686C)
     ;
 
 // ----------------------------------------------------------------------------
@@ -681,7 +682,7 @@ const_shared_strings translate_to_flags(int value, const flag_dict& dict)
 
 // ----------------------------------------------------------------------------
 
-pString translate_to_flag(int value, const flag_dict& dict)
+pString translate_to_flag(unsigned int value, const flag_dict& dict)
 {
     for (const auto& it : dict)
     {