(YARA) Detect CheckRemoteDebuggerPresent Usage

rule DebuggerCheck__RemoteAPI {
    meta:
        description = "Rule to RemoteAPI debugger check"
        author = "Thibault Seret"
        date = "2020-09-26"
    strings:
        $s1 ="CheckRemoteDebuggerPresent"
    condition:
        any of them
}

Associated Techniques

No associated technique found so far.

Matching Samples 10 most recent

Sample Name	Matching Techniques	First Seen	Last Seen
SKY2027.exe	4	2026-04-30	1 day, 6 hours ago
548964a6ea3d573cfae71aa5e2d0...0fc323c6432e96d2ad55b80d.exe	7	2026-03-04	1 month, 3 weeks ago
TS_4775.tmp	7	2025-12-23	4 months, 1 week ago
DgtAutoTTSMM.exe	3	2025-10-20	6 months, 1 week ago
aTikTok.exe	4	2025-06-15	10 months, 2 weeks ago
SEZCheat.exe	4	2025-06-15	10 months, 2 weeks ago
RuntimeBroker.exe	11	2025-06-05	10 months, 3 weeks ago
5.exe	9	2025-05-30	11 months ago
q.apk.exe	8	2025-05-30	11 months ago
DgtAutoTTS.exe	3	2025-05-06	11 months, 3 weeks ago

View All

Created

June 20, 2022

Last Revised

March 26, 2026