(YARA) YARA_Detect_RDTSC

Download Raw 

rule Detect_RDTSC: AntiDebug AntiSandbox{
    meta: 
        description = "Detect RDTSC as anti-debug and anti-sandbox"
        author = "Unprotect"
        comment = "Experimental rule"
    strings:
        $1 = { 0F 31 }
    condition:   
       uint16(0) == 0x5A4D and filesize < 1000KB and $1
}

Associated Techniques

Technique Name Technique ID's Snippet(s) OS
RDTSC U0126

Matching Samples 10 most recent

Sample Name Matching Techniques First Seen Last Seen
DS4Windows.exe 9 2025-04-19 1 day, 10 hours ago
WdBoot.sys 7 2025-04-18 2 days, 1 hour ago
shutdown.exe 6 2025-04-08 1 week, 5 days ago
VideoComparerWin.exe 9 2025-04-03 2 weeks, 3 days ago
br2c41.tmp 8 2025-03-26 3 weeks, 4 days ago
RustPatchlessCLRLoader.exe 8 2025-03-07 1 month, 1 week ago
kkrunchy.exe 4 2025-03-03 1 month, 2 weeks ago
twain_32.dll 7 2025-02-17 2 months ago
csgo.dll 10 2025-02-17 2 months ago
libEGL.dll 8 2025-02-12 2 months, 1 week ago
View All
Created

June 22, 2022

Last Revised

June 22, 2022