(YARA) YARA_Detect_createthreadpoolwait

Created the . Updated 1 year, 10 months ago.

            rule shellcode_injection_via_createthreadpoolwait {
  condition:
    pe.imports('VirtualAlloc') and pe.imports('CreateThreadpoolWait') and pe.imports('SetThreadpoolWait') and pe.imports('WaitForSingleObject')
}

Download Raw

Associated Techniques

Technique Name	Technique ID's	Snippet(s)	OS
Shellcode Injection via CreateThreadpoolWait	U1236