(YARA) Yara_Detect_OutputDebugString

Download Raw 

import "pe"

rule Detect_OutputDebugStringA_iat: AntiDebug
{
	meta:
		Author = "http://twitter.com/j0sm1"
		Description = "Detect in IAT OutputDebugstringA"
		Date = "20/04/2015"

	condition:
		pe.imports("kernel32.dll","OutputDebugStringA")
}

Associated Techniques

Technique Name Technique ID's Snippet(s) OS
OutputDebugString U0117 B0001.016

Matching Samples 10 most recent

Sample Name Matching Techniques First Seen Last Seen
Клиент.exe 9 2025-07-01 1 week ago
DellDockFirmwarePackage_WD19_WD22_Series_HD22_01.00.31.exe 6 2025-06-12 3 weeks, 5 days ago
2420581c403e4df9f974e74ca4bf...e0c8917d995303320603547809fc 5 2025-06-01 1 month, 1 week ago
5.exe 9 2025-05-30 1 month, 1 week ago
q.apk.exe 8 2025-05-30 1 month, 1 week ago
hmpalert.exe 8 2025-04-20 2 months, 1 week ago
cs2.exe 4 2025-04-19 2 months, 2 weeks ago
mmmm.exe 7 2025-03-23 3 months, 2 weeks ago
noui.exe 8 2025-02-20 4 months, 2 weeks ago
hmpalert pre-patched.exe 7 2025-02-12 4 months, 3 weeks ago
View All
Created

June 22, 2022

Last Revised

November 5, 2024