(YARA) Yara_Detect_OutputDebugString
import "pe"
rule Detect_OutputDebugStringA_iat: AntiDebug
{
meta:
Author = "http://twitter.com/j0sm1"
Description = "Detect in IAT OutputDebugstringA"
Date = "20/04/2015"
condition:
pe.imports("kernel32.dll","OutputDebugStringA")
}
Associated Techniques
| Technique Name | Technique ID's | Snippet(s) | OS |
|---|---|---|---|
| OutputDebugString | U0117 B0001.016 |
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| hmpalert.exe | 8 | 2025-04-20 | 1 day, 11 hours ago |
| cs2.exe | 4 | 2025-04-19 | 2 days, 5 hours ago |
| mmmm.exe | 7 | 2025-03-23 | 4 weeks ago |
| noui.exe | 8 | 2025-02-20 | 2 months ago |
| hmpalert pre-patched.exe | 7 | 2025-02-12 | 2 months, 1 week ago |
| msimg32.dll | 2 | 2025-01-14 | 3 months ago |
| ZClient.exe | 12 | 2025-01-13 | 3 months, 1 week ago |
| honeypot.exe | 5 | 2024-12-04 | 4 months, 2 weeks ago |
| mediacreationtool.exe | 4 | 2024-11-25 | 4 months, 3 weeks ago |
| Microsoft Store.exe | 4 | 2024-11-23 | 4 months, 4 weeks ago |
Created
June 22, 2022
Last Revised
November 5, 2024