(YARA) Yara_Detect_OutputDebugString
import "pe"
rule Detect_OutputDebugStringA_iat: AntiDebug
{
meta:
Author = "http://twitter.com/j0sm1"
Description = "Detect in IAT OutputDebugstringA"
Date = "20/04/2015"
condition:
pe.imports("kernel32.dll","OutputDebugStringA")
}
Associated Techniques
| Technique Name | Technique ID's | Snippet(s) | OS |
|---|---|---|---|
| OutputDebugString | U0117 B0001.016 |
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| msimg32.dll | 2 | 2025-01-14 | 6 days, 16 hours ago |
| ZClient.exe | 12 | 2025-01-13 | 1 week, 1 day ago |
| honeypot.exe | 5 | 2024-12-04 | 1 month, 2 weeks ago |
| mediacreationtool.exe | 4 | 2024-11-25 | 1 month, 3 weeks ago |
| Microsoft Store.exe | 4 | 2024-11-23 | 1 month, 4 weeks ago |
| 8126a59c84aad134868c842eabc2...204cd859e6322d22ce5a3b937e2a | 5 | 2024-11-19 | 2 months ago |
| 57e0cadabe82b0c02a5d4606b0a3...6672d88e5a1ea4651969392c290b | 12 | 2024-11-19 | 2 months ago |
| 2a0592dc54fd5450c78dc3184d07...3551f3210d6a334bdd8f28d6e9f1 | 9 | 2024-11-19 | 2 months ago |
| OfficeSetup.exe | 6 | 2024-11-14 | 2 months ago |
| oxide.exe | 11 | 2024-11-13 | 2 months, 1 week ago |
Created
June 22, 2022
Last Revised
November 5, 2024