From 8977e69efa7b7e222a79fb6785a4a2f5520f4cb7 Mon Sep 17 00:00:00 2001
From: Still / Azaka
Date: Thu, 26 Sep 2024 21:00:47 +0000
Subject: [PATCH] Add vstdlib_s64 (#89)

Signed-off-by: Still Hsu
Co-authored-by: Wietze
---
yml/3rd_party/valve/vstdlib_s64.yml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 yml/3rd_party/valve/vstdlib_s64.yml
diff --git a/yml/3rd_party/valve/vstdlib_s64.yml b/yml/3rd_party/valve/vstdlib_s64.yml
new file mode 100644
index 0000000..df431d4
--- /dev/null
+++ b/yml/3rd_party/valve/vstdlib_s64.yml
@@ -0,0 +1,28 @@
+---
+Name: vstdlib_s64.dll
+Author: Still Hsu
+Created: 2024-09-24
+Vendor: Valve
+ExpectedLocations:
+- '%PROGRAMFILES%\Steam'
+VulnerableExecutables:
+- Path: '%PROGRAMFILES%\Steam\steamerrorreporter64.exe'
+ Type: Sideloading
+ ExpectedVersionInformation:
+ - FileDescription: steamerrorreporter.exe
+ InternalName: steamerrorreporter.exe
+ OriginalFilename: steamerrorreporter.exe
+ ProductName: Steam
+ ExpectedSignatureInformation:
+ - Subject: CN=Valve Corp., O=Valve Corp., L=Bellevue, S=Washington, C=US
+ Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA, O="DigiCert, Inc.", C=US
+ Type: Authenticode
+ SHA256:
+ - 0a0c09753b5103e86e32c2d8086dd1399f0d97a00e1525ec9c390067cdb242ba
+Resources:
+ - https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-09-19-IOCs-for-file-downloader-to-Lumma-Stealer.txt
+ - https://twitter.com/Unit42_Intel/status/1837137726409158770
+Acknowledgements:
+ - Name: Unit 42
+ Twitter: '@Unit42_Intel'
+
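Review bot: The `Issuer` under `ExpectedSignatureInformation` is `CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA`, which is a timestamping CA and would normally issue the countersignature certificate, not a publisher certificate with `Subject: CN=Valve Corp.`. It looks as if the issuer of the timestamp signer was copied instead of the issuer of the Authenticode signer certificate, so the subject/issuer pair recorded here probably does not describe one real certificate. A defender comparing a suspect `steamerrorreporter64.exe` against this entry would then see a mismatch on a genuine binary, or trust a pair that never occurs. Please re-check the signer certificate of the sample behind the listed `SHA256` and set `Issuer:` to the value shown there, keeping the timestamping CA out of this field.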