(YARA) YARA_DebuggerCheck__RemoteAPI

rule DebuggerCheck__RemoteAPI {
    meta:
        description = "Rule to RemoteAPI debugger check"
        author = "Thibault Seret"
        date = "2020-09-26"
    strings:
        $s1 ="CheckRemoteDebuggerPresent"
    condition:
        any of them
}

Associated Techniques

No associated technique found so far.

Matching Samples 10 most recent

Sample Name	Matching Techniques	First Seen	Last Seen
aTikTok.exe	4	2025-06-15	1 month, 1 week ago
SEZCheat.exe	4	2025-06-15	1 month, 1 week ago
RuntimeBroker.exe	11	2025-06-05	1 month, 2 weeks ago
5.exe	9	2025-05-30	1 month, 3 weeks ago
q.apk.exe	8	2025-05-30	1 month, 3 weeks ago
DgtAutoTTS.exe	3	2025-05-06	2 months, 2 weeks ago
noui.exe	8	2025-02-20	5 months ago
msimg32.dll	2	2025-01-14	6 months, 1 week ago
kernel32.dll	13	2024-12-30	6 months, 3 weeks ago
3c703ecb3e8c54e352ff39fadbe7...f848bd69551b07bf2ed0a58744b9	6	2024-11-19	8 months ago

View All

Created

June 20, 2022

Last Revised

November 5, 2024