(YARA) Yara_Detect_OutputDebugString

import "pe"

rule Detect_OutputDebugStringA_iat: AntiDebug
{
	meta:
		Author = "http://twitter.com/j0sm1"
		Description = "Detect in IAT OutputDebugstringA"
		Date = "20/04/2015"

	condition:
		pe.imports("kernel32.dll","OutputDebugStringA")
}

Associated Techniques

| Technique Name | Technique ID's | Snippet(s) | OS |
|---|---|---|---|
| OutputDebugString | U0117 B0001.016 | | |

Matching Samples 10 most recent

| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| DellDockFirmwarePackage_WD19_WD22_Series_HD22_01.00.31.exe | 6 | 2025-06-12 | 4 days, 3 hours ago |
| 2420581c403e4df9f974e74ca4bf...e0c8917d995303320603547809fc | 5 | 2025-06-01 | 2 weeks, 1 day ago |
| 5.exe | 9 | 2025-05-30 | 2 weeks, 2 days ago |
| q.apk.exe | 8 | 2025-05-30 | 2 weeks, 2 days ago |
| hmpalert.exe | 8 | 2025-04-20 | 1 month, 2 weeks ago |
| cs2.exe | 4 | 2025-04-19 | 1 month, 4 weeks ago |
| mmmm.exe | 7 | 2025-03-23 | 2 months, 3 weeks ago |
| noui.exe | 8 | 2025-02-20 | 3 months, 3 weeks ago |
| hmpalert pre-patched.exe | 7 | 2025-02-12 | 4 months ago |
| msimg32.dll | 2 | 2025-01-14 | 5 months ago |

Created

June 22, 2022

Last Revised

November 5, 2024