(YARA) Yara_Detect_OutputDebugString
import "pe"
rule Detect_OutputDebugStringA_iat: AntiDebug
{
meta:
Author = "http://twitter.com/j0sm1"
Description = "Detect in IAT OutputDebugstringA"
Date = "20/04/2015"
condition:
pe.imports("kernel32.dll","OutputDebugStringA")
}
Associated Techniques
| Technique Name | Technique ID's | Snippet(s) | OS |
|---|---|---|---|
| OutputDebugString | U0117 B0001.016 |
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| main.exe | 11 | 2026-02-07 | 2 days, 12 hours ago |
| x64_AcroCEF.exe | 5 | 2026-01-30 | 1 week, 3 days ago |
| x64_Acrobat.exe | 9 | 2026-01-30 | 1 week, 3 days ago |
| x64_Acrobat.exe | 9 | 2026-01-30 | 1 week, 3 days ago |
| reqloghad.dll | 7 | 2025-12-22 | 1 month, 2 weeks ago |
| pafish64.exe | 10 | 2025-12-06 | 2 months ago |
| mxie.exe | 6 | 2025-11-11 | 2 months, 4 weeks ago |
| steamcmd.exe | 5 | 2025-11-02 | 3 months ago |
| 000.exe | 7 | 2025-10-06 | 4 months ago |
| chrome_pwa_launcher.exe | 5 | 2025-09-24 | 4 months, 2 weeks ago |
Created
June 22, 2022
Last Revised
November 5, 2024