(YARA) Yara_Detect_OutputDebugString
import "pe"
rule Detect_OutputDebugStringA_iat: AntiDebug
{
meta:
Author = "http://twitter.com/j0sm1"
Description = "Detect in IAT OutputDebugstringA"
Date = "20/04/2015"
condition:
pe.imports("kernel32.dll","OutputDebugStringA")
}
Associated Techniques
| Technique Name | Technique ID's | Snippet(s) | OS |
|---|---|---|---|
| OutputDebugString | U0117 B0001.016 |
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| DellDockFirmwarePackage_WD19_WD22_Series_HD22_01.00.31.exe | 6 | 2025-06-12 | 1 week, 2 days ago |
| 2420581c403e4df9f974e74ca4bf...e0c8917d995303320603547809fc | 5 | 2025-06-01 | 2 weeks, 6 days ago |
| 5.exe | 9 | 2025-05-30 | 3 weeks ago |
| q.apk.exe | 8 | 2025-05-30 | 3 weeks ago |
| hmpalert.exe | 8 | 2025-04-20 | 1 month, 3 weeks ago |
| cs2.exe | 4 | 2025-04-19 | 2 months ago |
| mmmm.exe | 7 | 2025-03-23 | 2 months, 4 weeks ago |
| noui.exe | 8 | 2025-02-20 | 4 months ago |
| hmpalert pre-patched.exe | 7 | 2025-02-12 | 4 months, 1 week ago |
| msimg32.dll | 2 | 2025-01-14 | 5 months ago |
Created
June 22, 2022
Last Revised
November 5, 2024