Yara Carpet Bomber, Part 2
2022-01-19 07:15:26 Author: www.hexacorn.com (view original)

January 18, 2022 in Yara sigs

Steve asked about the use cases for the Yara Carpet Bomber approach, and in this Twitter conversation I provided two examples of quick & dirty Yara rules that help to find all references to API names (including API names spelled backward) within a given binary, in this case the Notepad executable. This comes in handy if you want to quickly check for API references anywhere in a file, including the import table and the strings used to resolve APIs dynamically (for example via GetProcAddress).

The list includes APIs from the following libraries:

  • advapi32.dll
  • avicap32.dll
  • cabinet.dll
  • combase.dll
  • crypt32.dll
  • dbghelp.dll
  • dbnetlib.dll
  • gdi32.dll
  • icmp.dll
  • IPHLPAPI.DLL
  • kernel32.dll
  • mfc140.dll
  • MFCaptureEngine.dll
  • mpr.dll
  • mscoree.dll
  • mstask.dll
  • ntdll.dll

You can download the set here.
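To make the idea concrete, here is an added example that is not part of the original post or the downloadable rule set: a small Python script that builds a carpet-bomber style Yara rule from a list of API names (each name forward and spelled backward, matched as ASCII and UTF-16LE), and a pure-Python scan that applies the same logic to a constructed sample buffer so the behaviour can be checked without the `yara` module. The API subset, the rule name and the sample bytes are all constructed for illustration; the real set covers far more DLLs than shown here.

```python
"""
Added example, not the original post's rule set: generate a 'carpet bomber'
Yara rule that matches Windows API names forward and reversed (ascii + wide),
plus a pure-Python scanner that mirrors the rule so it can run offline.
"""
import re

# Constructed subset of an API list; the real rule covers many more DLLs.
API_NAMES = {
    "kernel32.dll": ["CreateProcessA", "LoadLibraryA", "GetProcAddress", "VirtualAlloc"],
    "advapi32.dll": ["OpenProcessToken", "AdjustTokenPrivileges"],
    "ntdll.dll": ["NtUnmapViewOfSection"],
}


def variants(api: str) -> dict:
    """Byte patterns one Yara string with 'ascii wide' would cover, for the
    forward spelling and the reversed spelling of an API name."""
    rev = api[::-1]
    return {
        api: api.encode("ascii"),
        api + "_wide": api.encode("utf-16-le"),
        api + "_rev": rev.encode("ascii"),
        api + "_rev_wide": rev.encode("utf-16-le"),
    }


def build_rule(rule_name: str, apis: dict) -> str:
    """Emit Yara rule text: one string per API name, one per reversed name.
    'ascii wide' makes Yara look for both byte encodings of each string."""
    lines = [f"rule {rule_name}", "{", "    strings:"]
    for dll, names in apis.items():
        lines.append(f"        // {dll}")
        for api in names:
            lines.append(f'        ${api} = "{api}" ascii wide')
            lines.append(f'        ${api}_rev = "{api[::-1]}" ascii wide')
    lines += ["    condition:", "        any of them", "}"]
    return "\n".join(lines)


def scan(data: bytes, apis: dict) -> dict:
    """Pure-Python equivalent of the rule above.
    Returns {variant_name: [offsets]} for every variant found in data; the
    names are finer-grained than Yara's (ascii and wide hits are separated)
    so the caller can see which encoding matched."""
    hits = {}
    for names in apis.values():
        for api in names:
            for vname, needle in variants(api).items():
                offs = [m.start() for m in re.finditer(re.escape(needle), data)]
                if offs:
                    hits[vname] = offs
    return hits


# Constructed sample: an import-by-name style ASCII entry, a reversed ASCII
# name of the kind a loader unscrambles before calling GetProcAddress, and a
# UTF-16LE name, separated by filler bytes. Offsets: 16, 37 and 60.
SAMPLE = (
    b"\x00" * 16 + b"LoadLibraryA\x00"
    + b"\x90" * 8 + b"AssecorPetaerC\x00"
    + b"\xcc" * 8 + "GetProcAddress".encode("utf-16-le") + b"\x00\x00"
    + b"\x00" * 16
)


if __name__ == "__main__":
    print(build_rule("api_carpet_bomber", API_NAMES))
    for name, offsets in sorted(scan(SAMPLE, API_NAMES).items()):
        print(f"{name:28s} at {offsets}")
```

The generated rule is deliberately noisy: `any of them` fires on any single hit, and short API names spelled backward will occasionally collide with ordinary text, so treat the output as a triage aid (which names are present, in which encoding, at which offsets) rather than a detection by itself.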


Article source: https://www.hexacorn.com/blog/2022/01/18/yara-carpet-bomber-part-2/