rule:
  meta:
    name: execute anti-debugging instructions
    namespace: anti-analysis/anti-debugging/debugger-detection
    authors:
      - moritz.raabe@mandiant.com
    scope: function
    mbc:
      - Anti-Behavioral Analysis::Debugger Detection::Anti-debugging Instructions [B0001.034]
    examples:
      - Practical Malware Analysis Lab 16-03.exe_:0x401300
  features:
    - or:
      - count(mnemonic(rdtsc)): 2 or more
      - mnemonic: icebp