(YARA) YARA_BuildCommDCBAndTimeouts
Created the . Updated 1 month, 1 week ago.
rule BuildCommDCBAndTimeouts
{
meta:
author = "Unprotect"
contributors = "Huntress Research Team | Unprotect Project"
description = "Detects usage of BuildCommDCBAndTimeouts function call"
status = "experimental"
strings:
$s1 = "jhl46745fghb" ascii wide nocase
$s2 = "BuildCommDCBAndTimeouts" ascii wide nocase
condition:
uint16(0) == 0x5a4d and ($s2 or ($s2 and $s1))
}
Associated Techniques
| Technique Name | Technique ID's | Has Snippet(s) |
|---|---|---|
| BuildCommDCBAndTimeoutA | U1342 T1497.002 |