(YARA) Yara_Detect_OutputDebugString
import "pe"
rule Detect_OutputDebugStringA_iat: AntiDebug
{
meta:
Author = "http://twitter.com/j0sm1"
Description = "Detect in IAT OutputDebugstringA"
Date = "20/04/2015"
condition:
pe.imports("kernel32.dll","OutputDebugStringA")
}
Associated Techniques
| Technique Name | Technique ID's | Snippet(s) | OS |
|---|---|---|---|
| OutputDebugString | U0117 B0001.016 |
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| mmmm.exe | 7 | 2025-03-23 | 1 week ago |
| noui.exe | 8 | 2025-02-20 | 1 month, 1 week ago |
| hmpalert pre-patched.exe | 7 | 2025-02-12 | 1 month, 2 weeks ago |
| msimg32.dll | 2 | 2025-01-14 | 2 months, 2 weeks ago |
| ZClient.exe | 12 | 2025-01-13 | 2 months, 2 weeks ago |
| honeypot.exe | 5 | 2024-12-04 | 3 months, 3 weeks ago |
| mediacreationtool.exe | 4 | 2024-11-25 | 4 months ago |
| Microsoft Store.exe | 4 | 2024-11-23 | 4 months, 1 week ago |
| 8126a59c84aad134868c842eabc2...204cd859e6322d22ce5a3b937e2a | 5 | 2024-11-19 | 4 months, 1 week ago |
| 57e0cadabe82b0c02a5d4606b0a3...6672d88e5a1ea4651969392c290b | 12 | 2024-11-19 | 4 months, 1 week ago |
Created
June 22, 2022
Last Revised
November 5, 2024