packaged as a Pintool

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: packaged as a Pintool
    namespace: executable/pintool
    authors:
      - william.ballenthin@mandiant.com
    scopes:
      static: file
      dynamic: file
    references:
      - https://software.intel.com/content/www/us/en/develop/articles/pin-a-dynamic-binary-instrumentation-tool.html
      - https://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/
      - https://www.blackhat.com/docs/asia-16/materials/asia-16-Sun-Break-Out-Of-The-Truman-Show-Active-Detection-And-Escape-Of-Dynamic-Binary-Instrumentation.pdf
  features:
    - or:
      - section: .charmve
      - section: .pinclie

last edited: 2023-11-24 10:34:28