(YARA) YARA_Detect_RDTSC

Download Raw 

rule Detect_RDTSC: AntiDebug AntiSandbox{
    meta: 
        description = "Detect RDTSC as anti-debug and anti-sandbox"
        author = "Unprotect"
        comment = "Experimental rule"
    strings:
        $1 = { 0F 31 }
    condition:   
       uint16(0) == 0x5A4D and filesize < 1000KB and $1
}

Associated Techniques

Technique Name Technique ID's Snippet(s) OS
RDTSC U0126

Matching Samples 10 most recent

Sample Name Matching Techniques First Seen Last Seen
Bravo8.exe 6 2025-01-23 1 week ago
Stellaris v2.3.0-v3.12.5 Plus 24 Trainer.exe 8 2025-01-18 1 week, 5 days ago
driver_installer.exe 7 2025-01-14 2 weeks, 2 days ago
ZClient.exe 12 2025-01-13 2 weeks, 3 days ago
3552dda80bd6875c1ed1273ca756...e2f757266dae70f60bf204089a4a 5 2025-01-12 2 weeks, 4 days ago
Crackme#7.exe 8 2025-01-12 2 weeks, 4 days ago
kernel32.dll 13 2024-12-30 1 month ago
hello.exe 8 2024-12-27 1 month ago
build.exe 5 2024-12-01 1 month, 4 weeks ago
satan_ransomware.exe 10 2024-11-30 2 months ago
View All
Created

June 22, 2022

Last Revised

June 22, 2022