(YARA) Yara_Detect_OutputDebugString
import "pe"
rule Detect_OutputDebugStringA_iat: AntiDebug
{
meta:
Author = "http://twitter.com/j0sm1"
Description = "Detect in IAT OutputDebugstringA"
Date = "20/04/2015"
condition:
pe.imports("kernel32.dll","OutputDebugStringA")
}
Associated Techniques
| Technique Name | Technique ID's | Snippet(s) | OS |
|---|---|---|---|
| OutputDebugString | U0117 B0001.016 |
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| 8126a59c84aad134868c842eabc2...204cd859e6322d22ce5a3b937e2a | 5 | 2024-11-19 | 1 day, 23 hours ago |
| 57e0cadabe82b0c02a5d4606b0a3...6672d88e5a1ea4651969392c290b | 12 | 2024-11-19 | 2 days, 1 hour ago |
| 2a0592dc54fd5450c78dc3184d07...3551f3210d6a334bdd8f28d6e9f1 | 9 | 2024-11-19 | 2 days, 1 hour ago |
| OfficeSetup.exe | 6 | 2024-11-14 | 6 days, 23 hours ago |
| oxide.exe | 11 | 2024-11-13 | 1 week ago |
| Pafish 0.6.exe | 10 | 2024-11-13 | 1 week, 1 day ago |
Created
June 22, 2022
Last Revised
November 5, 2024