(YARA) YARA_BuildCommDCBAndTimeouts


rule BuildCommDCBAndTimeouts
{
    meta:
        author = "Unprotect"
        contributors = "Huntress Research Team | Unprotect Project"
        description = "Detects usage of BuildCommDCBAndTimeouts function call"
        status = "experimental"

    strings:
        // Marker string associated with the technique; matched case-insensitively
        // in both ASCII and UTF-16 (wide) form
        $s1 = "jhl46745fghb" ascii wide nocase
        // Name of the imported/referenced Win32 API
        $s2 = "BuildCommDCBAndTimeouts" ascii wide nocase

    condition:
        // uint16(0) == 0x5a4d restricts the match to PE files ("MZ" header).
        // The string clause is logically equivalent to $s2 alone; $s1 is still
        // referenced so the rule compiles (YARA rejects unreferenced strings).
        uint16(0) == 0x5a4d and ($s2 or ($s2 and $s1))
}

Associated Techniques

Technique Name | Technique IDs | Snippet(s) | OS
BuildCommDCBAndTimeoutA | U1342, T1497.002 | |

Matching Samples (10 most recent)

Sample Name | Matching Techniques | First Seen | Last Seen
al-khaser.exe | 24 | 2024-11-13 | 1 month, 1 week ago

Created

March 20, 2024

Last Revised

March 20, 2024