delete directory

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: delete directory
    namespace: host-interaction/file-system/delete
    authors:
      - moritz.raabe@mandiant.com
      - michael.hunhoff@mandiant.com
    scopes:
      static: function
      dynamic: call
    mbc:
      - File System::Delete Directory [C0048]
    examples:
      - Practical Malware Analysis Lab 05-01.dll_:0x10009236
      - AFB6EC3D721A5CB67863487B0E51A34C167F629CF701F8BC7A038C117B4DDA44:0x429AA0
  features:
    - or:
      - api: RemoveDirectory
      - api: RemoveDirectoryTransacted
      - api: rmdir
      - api: _rmdir
      - api: _wrmdir
      - api: System.IO.DirectoryInfo::Delete
      - api: System.IO.Directory::Delete

last edited: 2023-11-24 10:34:28