Improve Hexalock detection slightly (#347)

* Improve Hexalock detection via checking different known sections for mfint.dll

* Add sabre's suggestion

Improve code with sabre's code suggestion

Co-authored-by: Matt Nadareski <[email protected]>

* Add extra check for instances in UPX executables.

* Add newlines between if blocks.

---------

Co-authored-by: Matt Nadareski <[email protected]>

Author: HeroponRikiBestest

BinaryObjectScanner/Protection/HexalockAutoLock.cs

@@ -57,7 +57,25 @@ public class HexalockAutoLock : IExecutableCheck<PortableExecutable>, IPathCheck
                 if (strs.Exists(s => s.Contains("mfint.dll")))
                     return "Hexalock Autolock";
             }
-
+            
+            // Get the code/CODE section strings, if they exist
+            strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE");
+            if (strs != null)
+            {
+                // Found in "launcher.exe" in "Sea Adventure / Adventure de la Mer" by Compedia.
+                if (strs.Exists(s => s.Contains("mfint.dll")))
+                    return "Hexalock Autolock";
+            }
+            
+            // Get the UPX1 section strings, if they exist
+            strs = pex.GetFirstSectionStrings("UPX1");
+            if (strs != null)
+            {
+                // Found in "postmanpat.exe" in "Postman Pat" by Compedia.
+                if (strs.Exists(s => s.Contains("mfint.dll")))
+                    return "Hexalock Autolock";
+            }
+            
             return null;
         }