(YARA) Yara_Detect_OutputDebugString

Download Raw 

import "pe"

rule Detect_OutputDebugStringA_iat: AntiDebug
{
	meta:
		Author = "http://twitter.com/j0sm1"
		Description = "Detect in IAT OutputDebugstringA"
		Date = "20/04/2015"

	condition:
		pe.imports("kernel32.dll","OutputDebugStringA")
}

Associated Techniques

Technique Name Technique ID's Snippet(s) OS
OutputDebugString U0117 B0001.016

Matching Samples 10 most recent

Sample Name Matching Techniques First Seen Last Seen
5.exe 9 2025-05-30 1 day, 17 hours ago
q.apk.exe 8 2025-05-30 1 day, 17 hours ago
hmpalert.exe 8 2025-04-20 1 month ago
cs2.exe 4 2025-04-19 1 month, 1 week ago
mmmm.exe 7 2025-03-23 2 months, 1 week ago
noui.exe 8 2025-02-20 3 months, 1 week ago
hmpalert pre-patched.exe 7 2025-02-12 3 months, 2 weeks ago
msimg32.dll 2 2025-01-14 4 months, 2 weeks ago
ZClient.exe 12 2025-01-13 4 months, 2 weeks ago
honeypot.exe 5 2024-12-04 5 months, 3 weeks ago
View All
Created

June 22, 2022

Last Revised

November 5, 2024