(YARA) YARA_Detect_RDTSC
rule Detect_RDTSC: AntiDebug AntiSandbox{
meta:
description = "Detect RDTSC as anti-debug and anti-sandbox"
author = "Unprotect"
comment = "Experimental rule"
strings:
$1 = { 0F 31 }
condition:
uint16(0) == 0x5A4D and filesize < 1000KB and $1
}
Associated Techniques
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| f9a5a72ead096594c5d59abe706e...0c3b4ebd7690f2eb114a37d1a7db | 6 | 2024-11-19 | 4 days, 15 hours ago |
| f2665f89ba53abd3deb81988c0d5...4053e77fc89b98b64a31a7504d77 | 6 | 2024-11-19 | 4 days, 15 hours ago |
| ffc49c8fd266e46d2cf1f02f62b1...c88e6b01f9e022325744f55e2f07 | 5 | 2024-11-19 | 4 days, 16 hours ago |
| ffbe22e427a9aca61a1565c32137...5a56de738cbb240f7b5bb1d1dca1 | 6 | 2024-11-19 | 4 days, 16 hours ago |
| e18ac2c4a57b7b4980c63623c966...4e2bb66f2cc4a54974219818fff3 | 8 | 2024-11-19 | 4 days, 16 hours ago |
| d87df763fcbee9141be2d06a2e6c...489083d7d933dec781652dd31d32 | 5 | 2024-11-19 | 4 days, 16 hours ago |
| d5569016a62885afa07a2d6a59c1...eabaa49dee5dceddb5f5007ef23a | 4 | 2024-11-19 | 4 days, 16 hours ago |
| b2d4b9b9149bb0c3d4ea10a0ad46...880da2b01ef6c19295ac853c6df8 | 5 | 2024-11-19 | 4 days, 16 hours ago |
| b050c99d9e223c77b62d55638870...b73555ac6fedbdb7aa139f77b542 | 6 | 2024-11-19 | 4 days, 16 hours ago |
| ab8342d93b1878f77a0bf21aa796...3e5631ce540597b409433ab2ec8b | 6 | 2024-11-19 | 4 days, 16 hours ago |
Created
June 22, 2022
Last Revised
June 22, 2022