(YARA) YARA_Detect_FindWindow

Created the . Updated 1 year, 9 months ago.

            rule Detect_FindWindowA_iat {
	meta:
		Author = "http://twitter.com/j0sm1"
		Description = "it's checked if FindWindowA() is imported"
		Date = "20/04/2015"
		Reference = "http://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide#OllyFindWindow"
	strings:
		$ollydbg = "OLLYDBG"
		$windbg = "WinDbgFrameClass"
	condition:
		pe.imports("user32.dll","FindWindowA") and ($ollydbg or $windbg)
}

Download Raw

Associated Techniques

Technique Name	Technique ID's	Has Snippet(s)
Detecting Window with FindWindow API	U0406 U0123