(YARA) Detect OllyDbg Bad Format

Download Raw 

rule Detect_OllyDBG_BadFormatTrick: AntiDebug {
    meta: 
        description = "Detect bad format not handled by Ollydbg"
        author = "Unprotect"
        comment = "Experimental rule"
    strings:
        $1 = "%s%s.exe" fullword ascii
    condition:   
       $1
}

Associated Techniques

Technique Name Technique ID's Categories Snippet(s)
Bad String Format U0104
Created

June 22, 2022

Last Revised

March 27, 2026