(YARA) YARA_Detect_RDTSC

rule Detect_RDTSC: AntiDebug AntiSandbox{
    meta: 
        description = "Detect RDTSC as anti-debug and anti-sandbox"
        author = "Unprotect"
        comment = "Experimental rule"
    strings:
        $1 = { 0F 31 }
    condition:   
       uint16(0) == 0x5A4D and filesize < 1000KB and $1
}

Associated Techniques

Technique Name	Technique ID's	Snippet(s)	OS
RDTSC	U0126

Matching Samples 10 most recent

Sample Name	Matching Techniques	First Seen	Last Seen
library.dll	8	2026-03-06	1 day, 23 hours ago
DelphinDesktop.dll	8	2026-03-05	3 days, 4 hours ago
um.exe	7	2026-03-02	5 days, 18 hours ago
Malware.unknown.exe.malz	8	2026-02-22	1 week, 6 days ago
main.exe	11	2026-02-07	1 month ago
ClipGuard.exe	5	2026-01-29	1 month, 1 week ago
1c0000.dll	8	2026-01-27	1 month, 1 week ago
loader_complete.exe	10	2026-01-27	1 month, 1 week ago
Torture.exe	9	2025-12-16	2 months, 2 weeks ago
steghide.exe	6	2025-12-09	2 months, 3 weeks ago

View All

Created

June 22, 2022

Last Revised

June 22, 2022