clear file content

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: clear file content
    namespace: host-interaction/file-system/write
    authors:
      - jakeperalta7
    scopes:
      static: function
      dynamic: span of calls
    mbc:
      - File System::Writes File [C0052]
    examples:
      - e3a6fbbc9b315141da37e5abbae05bf20aa9f48d5f569c6353360f59a0315245:0x140001450
  features:
    - and:
      - api: kernel32.SetEndOfFile
      - not:
        - api: kernel32.SetFilePointer

last edited: 2025-05-19 18:20:50