create two anonymous pipes

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: create two anonymous pipes
    namespace: communication/named-pipe/create
    authors:
      - matthew.williams@mandiant.com
    scopes:
      static: function
      dynamic: span of calls
    mbc:
      - Communication::Interprocess Communication::Create Pipe [C0003.001]
    examples:
      - Practical Malware Analysis Lab 14-02.exe_:0x4011C0
  features:
    - and:
      - count(api(CreatePipe)): 2

last edited: 2025-01-29 09:27:13