(YARA) YARA_Detect_RDTSC


rule Detect_RDTSC : AntiDebug AntiSandbox
{
    meta:
        description = "Detect RDTSC as anti-debug and anti-sandbox"
        author = "Unprotect"
        comment = "Experimental rule"
    strings:
        // Opcode bytes of the x86 RDTSC instruction (read time-stamp counter),
        // used to measure elapsed cycles and spot the slowdown a debugger or sandbox introduces
        $1 = { 0F 31 }
    condition:
        // MZ header, file smaller than 1000KB, and at least one RDTSC opcode.
        // A two-byte pattern can also occur by chance in other code or data,
        // so a match is a lead for further analysis rather than a verdict.
        uint16(0) == 0x5A4D and filesize < 1000KB and $1
}

Associated Techniques

Technique Name   Technique IDs   Snippet(s)   OS
RDTSC            U0126

Matching Samples (10 most recent)

Sample Name                                                    Matching Techniques   First Seen   Last Seen
build.exe                                                      5                     2024-12-01   3 weeks, 3 days ago
satan_ransomware.exe                                           10                    2024-11-30   3 weeks, 5 days ago
Xulytaikhoan.xlsx                                              14                    2024-11-26   1 month ago
MokManager.efi                                                 8                     2024-11-25   1 month ago
f9a5a72ead096594c5d59abe706e...0c3b4ebd7690f2eb114a37d1a7db   6                     2024-11-19   1 month ago
f2665f89ba53abd3deb81988c0d5...4053e77fc89b98b64a31a7504d77   6                     2024-11-19   1 month ago
ffc49c8fd266e46d2cf1f02f62b1...c88e6b01f9e022325744f55e2f07   5                     2024-11-19   1 month ago
ffbe22e427a9aca61a1565c32137...5a56de738cbb240f7b5bb1d1dca1   6                     2024-11-19   1 month ago
e18ac2c4a57b7b4980c63623c966...4e2bb66f2cc4a54974219818fff3   8                     2024-11-19   1 month ago
d87df763fcbee9141be2d06a2e6c...489083d7d933dec781652dd31d32   5                     2024-11-19   1 month ago

Created

June 22, 2022

Last Revised

June 22, 2022