From b509818ae6fcd28fcbb2b9c15fb87c68cfb9b914 Mon Sep 17 00:00:00 2001
From: Jai Minton
Date: Fri, 6 Sep 2024 22:26:35 +0930
Subject: [PATCH] Adding webui.dll (iTop) and atl71.dll (Xunlei) (#87)
Co-authored-by: Wietze
---
yml/3rd_party/itop/webui.yml | 23 +++++++++++++++++++++++
yml/3rd_party/xunlei/atl71.yml | 23 +++++++++++++++++++++++
2 files changed, 46 insertions(+)
create mode 100644 yml/3rd_party/itop/webui.yml
create mode 100644 yml/3rd_party/xunlei/atl71.yml
diff --git a/yml/3rd_party/itop/webui.yml b/yml/3rd_party/itop/webui.yml
new file mode 100644
index 0000000..1c591e0
--- /dev/null
+++ b/yml/3rd_party/itop/webui.yml
@@ -0,0 +1,23 @@
+---
+Name: webui.dll
+Author: Jai Minton - HuntressLabs
+Created: 2024-08-30
+Vendor: iTop
+ExpectedLocations:
+ - '%PROGRAMFILES%\iTop Screen Recorder'
+VulnerableExecutables:
+ - Path: '%PROGRAMFILES%\iTop Screen Recorder\iScrPaint.exe'
+ Type: Sideloading
+ ExpectedVersionInformation:
+ - OriginalFilename: iScrPaint.exe
+ InternalName: iScrPaint.exe
+ FileDescription: iTop Screen Recorder
+ SHA256:
+ - '46afbf1cbd2e1b5e108c133d4079faddc7347231b0c48566fd967a3070745e7f'
+Resources:
+ - https://www.virustotal.com/gui/file/063d2c12aa8316b242c5beb9dbbf934be7cee9df93b1612de9aa2f1f3084f0da/relations
+ - https://www.virustotal.com/gui/file/521c0de9a7b2db7d9a65b443dd630a28e2b4e33f8c56336e7630c646aa2cf280/detection
+Acknowledgements:
+ - Name: Jai Minton
+ Company: Huntress
+ Twitter: '@cyberrraiju'
diff --git a/yml/3rd_party/xunlei/atl71.yml b/yml/3rd_party/xunlei/atl71.yml
new file mode 100644
index 0000000..4702f09
--- /dev/null
+++ b/yml/3rd_party/xunlei/atl71.yml
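Review bot: In yml/3rd_party/itop/webui.yml the `VulnerableExecutables` entry identifies iScrPaint.exe by one `SHA256` and its version strings but has no `ExpectedSignatureInformation`, so a consumer matching on the hash will miss any other build of the same executable used for sideloading. If the binary is Authenticode-signed (not visible from the patch), add an `ExpectedSignatureInformation` list under the executable giving the signer `Subject`, `Issuer` and `Type`. The same gap applies to XLBugReport.exe in yml/3rd_party/xunlei/atl71.yml. Neither VirusTotal hash under `Resources` matches the listed executable hash, so a comment above `Resources` such as `# VirusTotal: observed sideloaded DLL samples, not the vendor binaries` (worded to whatever the samples actually are) would tell analysts what each link points to.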
@@ -0,0 +1,23 @@
+---
+Name: atl71.dll
+Author: Jai Minton - HuntressLabs
+Created: 2024-08-30
+Vendor: Xunlei
+ExpectedLocations:
+ - '%PROGRAMFILES%\Common Files\Thunder Network\TP\%VERSION%'
+VulnerableExecutables:
+ - Path: '%PROGRAMFILES%\Common Files\Thunder Network\TP\%VERSION%\XLBugReport.exe'
+ Type: Sideloading
+ ExpectedVersionInformation:
+ - OriginalFilename: XLBugReport.exe
+ InternalName: XLBugReport.exe
+ FileDescription: 迅雷错误报告
+ SHA256:
+ - '64f8d68cc1cfc5b9cc182df3becf704af93d0f1cc93ee59dbf682c75b6d4ffc0'
+Resources:
+ - https://www.virustotal.com/gui/file/07ff27bfc879ad9f4d90f17c755c89d2fc3a84994c2304ee3cd79eb84674b9c0/relations
+ - https://www.virustotal.com/gui/file/d42dc50226c59ab41afb691a0d94fa4e141702b678d8bd2fdaaaecb43a8e5b4b/details
+Acknowledgements:
+ - Name: Jai Minton
+ Company: Huntress
+ Twitter: '@cyberrraiju'
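Review bot: `Vendor: Xunlei` and the single `ExpectedLocations` path in yml/3rd_party/xunlei/atl71.yml treat atl71.dll as a Xunlei-specific file, but as far as I know atl71.dll is the Microsoft ATL 7.1 runtime, which unrelated products also ship in their own install directories. A detection derived from "atl71.dll loaded outside ExpectedLocations" would then flag benign loads from those products. Adding top-level `ExpectedVersionInformation` and `ExpectedSignatureInformation` for the DLL itself would let consumers tell the genuine library from a planted one. At minimum, add a comment above `ExpectedLocations` such as `# atl71.dll is a redistributable bundled by other vendors; this location list is not exhaustive`.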