(YARA) YARA_Detect_RDTSC

Download Raw

rule Detect_RDTSC: AntiDebug AntiSandbox{
    meta: 
        description = "Detect RDTSC as anti-debug and anti-sandbox"
        author = "Unprotect"
        comment = "Experimental rule"
    strings:
        $1 = { 0F 31 }
    condition:   
       uint16(0) == 0x5A4D and filesize < 1000KB and $1
}

Associated Techniques

Technique Name Technique ID's Snippet(s) OS
RDTSC U0126

Matching Samples 10 most recent

Sample Name Matching Techniques First Seen Last Seen
ImpressionFX_PaintEngine.8bf 5 2025-10-27 1 day, 13 hours ago
Lightshot.exe 10 2025-10-24 5 days ago
HogwartsLegacy.exe 7 2025-10-16 1 week, 5 days ago
sb16du.exe 5 2025-10-14 2 weeks, 1 day ago
Fb2EDL.exe 5 2025-10-05 3 weeks, 2 days ago
a.exe 7 2025-10-03 3 weeks, 4 days ago
hid-tools.dll 13 2025-09-22 1 month, 1 week ago
shellcode.exe 6 2025-09-21 1 month, 1 week ago
DelphinDesktop.dll 9 2025-08-31 1 month, 4 weeks ago
prot-emul.exe 8 2025-08-19 2 months, 1 week ago
View All

Created

June 22, 2022

Last Revised

June 22, 2022