(YARA) YARA_Detect_RDTSC
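```yara
rule Detect_RDTSC : AntiDebug AntiSandbox
{
    meta:
        description = "Detect RDTSC as anti-debug and anti-sandbox"
        author = "Unprotect"
        comment = "Experimental rule"
    strings:
        // 0F 31 is the opcode for RDTSC (read time-stamp counter).
        // The pattern matches this byte pair anywhere in the file, code or data.
        $1 = { 0F 31 }
    condition:
        // "MZ" header at offset 0, file smaller than 1000KB, and the opcode is present
        uint16(0) == 0x5A4D and filesize < 1000KB and $1
}
```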
Associated Techniques
Matching Samples (10 most recent)
Sample Name | Matching Techniques | First Seen | Last Seen |
---|---|---|---|
build.exe | 5 | 2024-12-01 | 3 weeks, 3 days ago |
satan_ransomware.exe | 10 | 2024-11-30 | 3 weeks, 5 days ago |
Xulytaikhoan.xlsx | 14 | 2024-11-26 | 1 month ago |
MokManager.efi | 8 | 2024-11-25 | 1 month ago |
f9a5a72ead096594c5d59abe706e...0c3b4ebd7690f2eb114a37d1a7db | 6 | 2024-11-19 | 1 month ago |
f2665f89ba53abd3deb81988c0d5...4053e77fc89b98b64a31a7504d77 | 6 | 2024-11-19 | 1 month ago |
ffc49c8fd266e46d2cf1f02f62b1...c88e6b01f9e022325744f55e2f07 | 5 | 2024-11-19 | 1 month ago |
ffbe22e427a9aca61a1565c32137...5a56de738cbb240f7b5bb1d1dca1 | 6 | 2024-11-19 | 1 month ago |
e18ac2c4a57b7b4980c63623c966...4e2bb66f2cc4a54974219818fff3 | 8 | 2024-11-19 | 1 month ago |
d87df763fcbee9141be2d06a2e6c...489083d7d933dec781652dd31d32 | 5 | 2024-11-19 | 1 month ago |
Created
June 22, 2022
Last Revised
June 22, 2022