(YARA) Yara_Detect_OutputDebugString
```yara
import "pe"

rule Detect_OutputDebugStringA_iat : AntiDebug
{
    meta:
        Author = "http://twitter.com/j0sm1"
        Description = "Detect in IAT OutputDebugstringA"
        Date = "20/04/2015"
    condition:
        // True when the PE import table lists OutputDebugStringA from kernel32.dll
        pe.imports("kernel32.dll", "OutputDebugStringA")
}
```
Associated Techniques
| Technique Name | Technique IDs | Snippet(s) | OS |
|---|---|---|---|
| OutputDebugString | U0117, B0001.016 | | |
Matching Samples (10 most recent)
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| x64_AcroCEF.exe | 5 | 2026-01-30 | 2 days, 22 hours ago |
| x64_Acrobat.exe | 9 | 2026-01-30 | 2 days, 22 hours ago |
| x64_Acrobat.exe | 9 | 2026-01-30 | 2 days, 22 hours ago |
| reqloghad.dll | 7 | 2025-12-22 | 1 month, 1 week ago |
| pafish64.exe | 10 | 2025-12-06 | 1 month, 3 weeks ago |
| mxie.exe | 6 | 2025-11-11 | 2 months, 3 weeks ago |
| steamcmd.exe | 5 | 2025-11-02 | 2 months, 4 weeks ago |
| 000.exe | 7 | 2025-10-06 | 3 months, 3 weeks ago |
| chrome_pwa_launcher.exe | 5 | 2025-09-24 | 4 months, 1 week ago |
| Yandex.exe | 8 | 2025-09-20 | 4 months, 1 week ago |
Created: June 22, 2022
Last Revised: November 5, 2024