Add LDeviceDetectionHelper association with hid.dll (#85)

Signed-off-by: Still Hsu <[email protected]>
wietze · Aug 17, 2024 · 30299fa · 30299fa
1 parent 1a59d50
commit 30299fa
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/yml/microsoft/built-in/hid.yml b/yml/microsoft/built-in/hid.yml
@@ -29,11 +29,20 @@ VulnerableExecutables:
   - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
     Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
     Type: Catalog
+- Path: '%PROGRAMFILES%\Logitech\SetPointP\LDeviceDetectionHelper.exe'
+  Type: Sideloading
+  ExpectedSignatureInformation:
+  - Subject: CN=Logitech, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Logitech, L=Newark, S=California, C=US
+    Issuer: CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
+    Type: Authenticode
 Resources:
 - https://wietze.github.io/blog/hijacking-dlls-in-windows
 - https://github.com/netero1010/ServiceMove-BOF
+- https://www.virustotal.com/gui/file/30fbf917d0a510b8dac3bacb0f4948f9d55bbfb0fa960b07f0af20ba4f18fc19/
 Acknowledgements:
 - Name: Wietze
   Twitter: '@wietze'
 - Name: v1stra
   Twitter: '@_v1stra'
+- Name: Still Hsu
+  Twitter: '@AzakaSekai_'