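// Flags small PE files that carry a debugger-check string.
//
// Triage indicator only: IsDebuggerPresent is also imported by a great deal of
// benign software (compiler runtimes pull it in), so a hit says "this binary
// can ask whether it is being debugged", not "this binary is malicious".
// Combine it with other rules or context before acting on it.
//
// Limits: only plain ASCII strings present in the file on disk are matched, so
// a packed sample or one that builds the API name at run time will not hit.
rule Detect_IsDebuggerPresent : AntiDebug
{
    meta:
        author = "naxonez"
        reference = "https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara"
        description = "PE file under 1000KB containing the IsDebuggerPresent API name or the legacy IsDebugged string"

    strings:
        // The API the rule is named after. The original pattern "IsDebugged"
        // is not a substring of "IsDebuggerPresent" (…Debugge-d vs …Debugge-r),
        // so the rule never matched that import name.
        $api = "IsDebuggerPresent"

        // Original pattern, kept so that everything the rule matched before
        // still matches.
        // NOTE(review): possibly a typo for the API name above or for the PEB
        // "BeingDebugged" field; confirm the intent and drop it if it was a typo.
        $legacy = "IsDebugged"

    condition:
        // 0x5A4D is "MZ" read little-endian: the DOS/PE header magic at offset 0.
        uint16(0) == 0x5A4D and
        // Size cap keeps the rule cheap and limited to small binaries.
        filesize < 1000KB and
        any of them
}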