(YARA) YARA_Detect_RDTSC
rule Detect_RDTSC: AntiDebug AntiSandbox{
meta:
description = "Detect RDTSC as anti-debug and anti-sandbox"
author = "Unprotect"
comment = "Experimental rule"
strings:
$1 = { 0F 31 }
condition:
uint16(0) == 0x5A4D and filesize < 1000KB and $1
}
Associated Techniques
Matching Samples 10 most recent
Sample Name | Matching Techniques | First Seen | Last Seen |
---|---|---|---|
Fb2EDL.exe | 5 | 2025-10-05 | 3 days, 7 hours ago |
a.exe | 7 | 2025-10-03 | 5 days, 5 hours ago |
hid-tools.dll | 13 | 2025-09-22 | 2 weeks, 3 days ago |
shellcode.exe | 6 | 2025-09-21 | 2 weeks, 3 days ago |
DelphinDesktop.dll | 9 | 2025-08-31 | 1 month, 1 week ago |
prot-emul.exe | 8 | 2025-08-19 | 1 month, 2 weeks ago |
hemlockwin.exe | 8 | 2025-08-06 | 2 months ago |
IObitUnlocker.sys | 5 | 2025-07-12 | 2 months, 3 weeks ago |
ePSXe.exe | 7 | 2025-07-12 | 2 months, 3 weeks ago |
binary2.exe | 7 | 2025-06-28 | 3 months, 1 week ago |
Created
June 22, 2022
Last Revised
June 22, 2022