/*
 * Detect_RDTSC: flags small MZ-headed files that contain the RDTSC opcode.
 *
 * RDTSC (bytes 0F 31) reads the CPU time-stamp counter. Code that compares
 * two counter readings can notice the slowdown introduced by single-stepping
 * or by an instrumented/virtualised environment, which is why the rule is
 * tagged AntiDebug and AntiSandbox.
 *
 * Triage caveats (the rule is marked experimental by its author):
 *   - The pattern is only two bytes long and is searched across the whole
 *     file, not just executable sections, and nothing checks that the bytes
 *     actually decode as an instruction. Benign binaries will hit often;
 *     treat a match as a weak signal that needs corroboration.
 *   - The header test only checks the "MZ" magic at offset 0; it does not
 *     validate the PE structure.
 *   - YARA typically warns that very short patterns slow down scanning.
 */
rule Detect_RDTSC : AntiDebug AntiSandbox
{
    meta:
        description = "Detect RDTSC as anti-debug and anti-sandbox"
        author = "Unprotect"
        comment = "Experimental rule"

    strings:
        // 0F 31 is the two-byte encoding of the RDTSC instruction.
        $1 = { 0F 31 }

    condition:
        // 0x5A4D read little-endian at offset 0 is the ASCII pair "MZ".
        uint16(0) == 0x5A4D
        // Size cap: 1000KB in YARA units (1 KB = 1024 bytes).
        and filesize < 1000KB
        // At least one occurrence of the opcode bytes anywhere in the file.
        and $1
}