(YARA) Yara_Detect_OutputDebugString
import "pe"
rule Detect_OutputDebugStringA_iat: AntiDebug
{
meta:
Author = "http://twitter.com/j0sm1"
Description = "Detect in IAT OutputDebugstringA"
Date = "20/04/2015"
condition:
pe.imports("kernel32.dll","OutputDebugStringA")
}
Associated Techniques
| Technique Name | Technique ID's | Snippet(s) | OS |
|---|---|---|---|
| OutputDebugString | U0117 B0001.016 |
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| passper-for-rar_setup-com_passper.exe | 8 | 2026-02-18 | 1 week, 4 days ago |
| ProtonVPN.Launcher.exe | 6 | 2026-02-18 | 1 week, 4 days ago |
| main.exe | 11 | 2026-02-07 | 3 weeks, 1 day ago |
| x64_AcroCEF.exe | 5 | 2026-01-30 | 1 month ago |
| x64_Acrobat.exe | 9 | 2026-01-30 | 1 month ago |
| x64_Acrobat.exe | 9 | 2026-01-30 | 1 month ago |
| reqloghad.dll | 7 | 2025-12-22 | 2 months, 1 week ago |
| pafish64.exe | 10 | 2025-12-06 | 2 months, 3 weeks ago |
| mxie.exe | 6 | 2025-11-11 | 3 months, 2 weeks ago |
| steamcmd.exe | 5 | 2025-11-02 | 3 months, 3 weeks ago |
Created
June 22, 2022
Last Revised
November 5, 2024