From df2c48bcb82e0d1ae094ad1a62ebdbf865b1d941 Mon Sep 17 00:00:00 2001 From: ReBensk <146695244+ReBensk@users.noreply.github.com> Date: Wed, 8 Nov 2023 22:48:35 +0530 Subject: [PATCH] JiaguK - packer (#375) * JiaguK - packer * Update packers.yara * Revert "Update packers.yara" This reverts commit 57d5f34cf477718889533b1d9f24b6a82b905401, reversing changes made to fec7ed1d9a2113019f2aeb578b23f298d61ac16d. * Revert "Update packers.yara" This reverts commit fec7ed1d9a2113019f2aeb578b23f298d61ac16d. * Update packers.yara * Update packers.yara * Update packers.yara * Update packers.yara * Update packers.yara * Update packers.yara * Update packers.yara * Update packers.yara Replaced "$classNameString" to "all of them"
---
 apkid/rules/dex/packers.yara | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
diff --git a/apkid/rules/dex/packers.yara b/apkid/rules/dex/packers.yara
index b3e6215..a90d322 100644
--- a/apkid/rules/dex/packers.yara
+++ b/apkid/rules/dex/packers.yara
@@ -604,3 +604,18 @@ rule custom_flutter : packer
 condition:
 is_dex and all of them
 }
+
+rule jiagu_k : packer
+{
+ meta:
+ description = "Jiagu K"
+ sample1 = "aa666b75ffb3588dd41c8e546d53e353cda67cf278b167c7737b1169262856bb"
+ sample2 = "d9baf66e7ac116a8c68599ef16fae5397ac4fd0847e2fcfe3ee2c155ecf4f850"
+ author = "ReBensk"
+
+ strings:
+ $classNameString = { 00 10 4C 76 69 72 62 6F 78 2F 53 74 75 62 41 70 70 3B 00 } // Lvirbox/StubApp;
+
+ condition:
+ is_dex and all of them and (dex.header.data_size + dex.header.data_offset) < dex.header.file_size
+}
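Review bot: The last clause of the `jiagu_k` condition, `(dex.header.data_size + dex.header.data_offset) < dex.header.file_size`, has no comment saying what it is meant to catch. It appears to require bytes past the end of the data section, presumably the packed payload, and a comment such as `// data section ends before EOF: extra bytes are appended to the DEX` would let a maintainer check that intent. The rule is labelled "Jiagu K" while its only string is the `Lvirbox/StubApp;` type descriptor, so a `meta` entry or comment explaining how that class name relates to the label would help analysts triaging a hit. Because the match rests on a single descriptor, it is also worth recording in a comment that a renamed stub class would not be detected, so that limit is known when the two samples are re-tested.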