Commit

Add vstdlib_s64 (#89)
Signed-off-by: Still Hsu <[email protected]>
Co-authored-by: Wietze <[email protected]>
Still34 and wietze authored Sep 26, 2024
1 parent c6856c4 commit 8977e69
Showing 1 changed file with 28 additions and 0 deletions.
28 changes: 28 additions & 0 deletions yml/3rd_party/valve/vstdlib_s64.yml
@@ -0,0 +1,28 @@
---
Name: vstdlib_s64.dll
Author: Still Hsu
Created: 2024-09-24
Vendor: Valve
ExpectedLocations:
- '%PROGRAMFILES%\Steam'
VulnerableExecutables:
- Path: '%PROGRAMFILES%\Steam\steamerrorreporter64.exe'
Type: Sideloading
ExpectedVersionInformation:
- FileDescription: steamerrorreporter.exe
InternalName: steamerrorreporter.exe
OriginalFilename: steamerrorreporter.exe
ProductName: Steam
ExpectedSignatureInformation:
- Subject: CN=Valve Corp., O=Valve Corp., L=Bellevue, S=Washington, C=US
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA, O="DigiCert, Inc.", C=US
Type: Authenticode
SHA256:
- 0a0c09753b5103e86e32c2d8086dd1399f0d97a00e1525ec9c390067cdb242ba
Resources:
- https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-09-19-IOCs-for-file-downloader-to-Lumma-Stealer.txt
- https://twitter.com/Unit42_Intel/status/1837137726409158770
Acknowledgements:
- Name: Unit 42
Twitter: '@Unit42_Intel'
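
Review bot: the Issuer under ExpectedSignatureInformation is "CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA", which by its name is a timestamping CA, so it looks like the issuer of the timestamp countersignature rather than of the Valve Corp. code-signing certificate named in Subject. Please check the signer chain of the file and record the issuer of the certificate whose subject is CN=Valve Corp.; as written, a consumer that matches Subject and Issuer together to recognise the legitimately signed file may not match it.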
