(YARA) YARA_DebuggerCheck__RemoteAPI

rule DebuggerCheck__RemoteAPI {
    meta:
        description = "Rule to RemoteAPI debugger check"
        author = "Thibault Seret"
        date = "2020-09-26"
    strings:
        $s1 ="CheckRemoteDebuggerPresent"
    condition:
        any of them
}

Associated Techniques

No associated technique found so far.

Matching Samples 10 most recent

Sample Name	Matching Techniques	First Seen	Last Seen
noui.exe	8	2025-02-20	1 day, 14 hours ago
msimg32.dll	2	2025-01-14	1 month, 1 week ago
kernel32.dll	13	2024-12-30	1 month, 3 weeks ago
3c703ecb3e8c54e352ff39fadbe7...f848bd69551b07bf2ed0a58744b9	6	2024-11-19	3 months ago
implant.exe	6	2024-11-18	3 months ago
al-khaser.exe	24	2024-11-13	3 months, 1 week ago

View All

Created

June 20, 2022

Last Revised

November 5, 2024