(YARA) YARA_Detect_RDTSC
rule Detect_RDTSC: AntiDebug AntiSandbox{
meta:
description = "Detect RDTSC as anti-debug and anti-sandbox"
author = "Unprotect"
comment = "Experimental rule"
strings:
$1 = { 0F 31 }
condition:
uint16(0) == 0x5A4D and filesize < 1000KB and $1
}
Associated Techniques
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| steghide.exe | 6 | 2025-12-09 | 6 days, 18 hours ago |
| pafish64.exe | 10 | 2025-12-06 | 1 week, 2 days ago |
| Launcher_dump.exe | 7 | 2025-11-30 | 2 weeks, 2 days ago |
| Launcher.exe | 5 | 2025-11-30 | 2 weeks, 2 days ago |
| Lazy-Loot.exe | 5 | 2025-11-27 | 2 weeks, 4 days ago |
| ImpressionFX_PaintEngine.8bf | 5 | 2025-10-27 | 1 month, 2 weeks ago |
| Lightshot.exe | 10 | 2025-10-24 | 1 month, 3 weeks ago |
| HogwartsLegacy.exe | 7 | 2025-10-16 | 2 months ago |
| sb16du.exe | 5 | 2025-10-14 | 2 months ago |
| Fb2EDL.exe | 5 | 2025-10-05 | 2 months, 1 week ago |
Created
June 22, 2022
Last Revised
June 22, 2022