import "pe"

/*
 * Detect_FindWindowA_iat
 *
 * Anti-debugging heuristic. Matches a PE file when both hold:
 *   1. its import table lists FindWindowA from user32.dll, and
 *   2. the file contains at least one of the debugger window-class
 *      names declared below.
 *
 * Coverage notes for whoever triages hits:
 *   - Only the static import table is inspected, so a binary that
 *     resolves the API at run time is not covered by this rule.
 *   - The strings carry no modifiers, so only ASCII, case-sensitive
 *     occurrences match; UTF-16 copies are not seen.
 *   - NOTE(review): FindWindow is documented as not performing a
 *     case-sensitive search, so `nocase` may be worth evaluating;
 *     confirm the false-positive impact on a clean corpus first.
 *   - The string may sit anywhere in the file; the rule does not tie it
 *     to the FindWindowA call site, so treat a hit as a lead, not proof.
 */
rule Detect_FindWindowA_iat
{
    meta:
        Author = "http://twitter.com/j0sm1"
        Description = "it's checked if FindWindowA() is imported"
        Date = "20/04/2015"
        Reference = "http://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide#OllyFindWindow"

    strings:
        // Window class names associated with OllyDbg and WinDbg
        // (see Reference in meta).
        $olly_class   = "OLLYDBG"
        $windbg_class = "WinDbgFrameClass"

    condition:
        // The import check comes first; the string test only narrows it.
        pe.imports("user32.dll", "FindWindowA")
        and any of ($olly_class, $windbg_class)
}