(YARA) YARA_Detect_RDTSC
rule Detect_RDTSC: AntiDebug AntiSandbox{
meta:
description = "Detect RDTSC as anti-debug and anti-sandbox"
author = "Unprotect"
comment = "Experimental rule"
strings:
$1 = { 0F 31 }
condition:
uint16(0) == 0x5A4D and filesize < 1000KB and $1
}
Associated Techniques
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| prot-emul.exe | 8 | 2025-08-19 | 1 week, 2 days ago |
| hemlockwin.exe | 8 | 2025-08-06 | 3 weeks, 1 day ago |
| IObitUnlocker.sys | 5 | 2025-07-12 | 1 month, 2 weeks ago |
| ePSXe.exe | 7 | 2025-07-12 | 1 month, 2 weeks ago |
| binary2.exe | 7 | 2025-06-28 | 2 months ago |
| wireguard-installer.exe | 7 | 2025-06-12 | 2 months, 2 weeks ago |
| 131da83b521f610819141d5c7403...abb22ef504a7593955a65f07.exe | 9 | 2025-06-12 | 2 months, 2 weeks ago |
| MSBuild.exe | 10 | 2024-11-15 | 2 months, 2 weeks ago |
| RuntimeBroker.exe | 11 | 2025-06-05 | 2 months, 3 weeks ago |
| tel.exe | 13 | 2025-06-01 | 2 months, 3 weeks ago |
Created
June 22, 2022
Last Revised
June 22, 2022