From 0be0d3e7d8687cef83e86cf3c31c357be4bdf3d0 Mon Sep 17 00:00:00 2001
From: Still Hsu
Date: Sun, 24 Nov 2024 12:33:58 +0800
Subject: [PATCH 1/3] Add zlibwapi.yml
Signed-off-by: Still Hsu
---
 yml/3rd_party/zlib/zlibwapi.yml | 34 +++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 yml/3rd_party/zlib/zlibwapi.yml
diff --git a/yml/3rd_party/zlib/zlibwapi.yml b/yml/3rd_party/zlib/zlibwapi.yml
new file mode 100644
index 0000000..c12dbf8
--- /dev/null
+++ b/yml/3rd_party/zlib/zlibwapi.yml
@@ -0,0 +1,34 @@
+---
+Name: zlibwapi.dll
+Author: Still Hsu
+Created: 2024-11-24
+Vendor: zlib
+ExpectedLocations:
+ - '%programfiles%\DS Clock'
+VulnerableExecutables:
+- Path: '%PROGRAMFILES%\DS Clock\dsclock.exe'
+ Type: Sideloading
+ ExpectedVersionInformation:
+ - FileDescription: DS Clock
+ LegalCopyright: Copyright ©️ 2001-2023 Duality Software. All rights reserved. Developed by Vladimir Kulemin.
+ InternalName: dsclock.exe
+ OriginalFilename: dsclock.exe
+ ProductName: DS Clock
+ ProductVersion: 5.1.2.0
+ ExpectedSignatureInformation:
+ - Subject: CN=Duality Software LLC, O=Duality Software LLC, L=Saint Petersburg, S=Saint Petersburg, C=RU
+ Issuer: CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
+ Type: Authenticode
+ SHA256:
+ - f85ce4492e1354f8310027c5f70ef73aae654fcd8fd9a58034e4f82a41a9826b
+Resources:
+ - https://x.com/malwrhunterteam/status/1859316170773397966
+ - https://www.virustotal.com/gui/file/b8d38fc9f4560719fa64227e4b25b732b22602cb596d44cb38418a196c3340be
+ - https://www.virustotal.com/gui/file/f85ce4492e1354f8310027c5f70ef73aae654fcd8fd9a58034e4f82a41a9826b/relations
+ - https://github.com/Still34/malware-lab/tree/main/reworkshop/2024-11-24
+Acknowledgements:
+ - Name: MalwareHunterTeam
+ Twitter: '@malwrhunterteam'
+ - Name: Still Hsu
+ Twitter: '@AzakaSekai_'
+
From 2c9d2617280e74f29be2011bde9a495caca0b32c Mon Sep 17 00:00:00 2001
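Review bot: The `LegalCopyright` value in the new `ExpectedVersionInformation` entry appears to carry the copyright sign followed by U+FE0F (the emoji variation selector, rendered as `©️`), which is very unlikely to be what the VersionInfo resource of dsclock.exe actually contains; if the tooling compares this field byte-for-byte, the expected-version check would never match the legitimate 5.1.2.0 binary and the rule would silently lose that discriminator. I would replace it with the plain U+00A9 character, `LegalCopyright: Copyright © 2001-2023 Duality Software. All rights reserved. Developed by Vladimir Kulemin.`, and confirm the exact string against the binary's resource (the VirusTotal details page already linked under `Resources` shows it). The same check is worth doing on the other version fields, since they look hand-typed rather than pasted from the PE.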
From: Wietze
Date: Sun, 24 Nov 2024 18:55:18 +0000
Subject: [PATCH 2/3] Remove extra new line
---
 yml/3rd_party/zlib/zlibwapi.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/yml/3rd_party/zlib/zlibwapi.yml b/yml/3rd_party/zlib/zlibwapi.yml
index c12dbf8..e553101 100644
--- a/yml/3rd_party/zlib/zlibwapi.yml
+++ b/yml/3rd_party/zlib/zlibwapi.yml
@@ -24,11 +24,9 @@ VulnerableExecutables: Resources: - https://x.com/malwrhunterteam/status/1859316170773397966 - https://www.virustotal.com/gui/file/b8d38fc9f4560719fa64227e4b25b732b22602cb596d44cb38418a196c3340be - - https://www.virustotal.com/gui/file/f85ce4492e1354f8310027c5f70ef73aae654fcd8fd9a58034e4f82a41a9826b/relations - https://github.com/Still34/malware-lab/tree/main/reworkshop/2024-11-24 Acknowledgements: - Name: MalwareHunterTeam Twitter: '@malwrhunterteam' - Name: Still Hsu Twitter: '@AzakaSekai_' -
From 15a3ad951800430a1318681a2b0afc5f73a2bfe2 Mon Sep 17 00:00:00 2001
From: Wietze
Date: Sun, 24 Nov 2024 19:00:17 +0000
Subject: [PATCH 3/3] Minor tweaks
---
 yml/3rd_party/zlib/zlibwapi.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/yml/3rd_party/zlib/zlibwapi.yml b/yml/3rd_party/zlib/zlibwapi.yml
index e553101..2923f38 100644
--- a/yml/3rd_party/zlib/zlibwapi.yml
+++ b/yml/3rd_party/zlib/zlibwapi.yml
@@ -4,7 +4,7 @@ Author: Still Hsu Created: 2024-11-24 Vendor: zlib ExpectedLocations: - - '%programfiles%\DS Clock' + - '%PROGRAMFILES%\DS Clock' VulnerableExecutables: - Path: '%PROGRAMFILES%\DS Clock\dsclock.exe' Type: Sideloading
@@ -22,7 +22,7 @@ VulnerableExecutables: SHA256: - f85ce4492e1354f8310027c5f70ef73aae654fcd8fd9a58034e4f82a41a9826b Resources: - - https://x.com/malwrhunterteam/status/1859316170773397966 + - https://twitter.com/malwrhunterteam/status/1859316170773397966 - https://www.virustotal.com/gui/file/b8d38fc9f4560719fa64227e4b25b732b22602cb596d44cb38418a196c3340be - https://github.com/Still34/malware-lab/tree/main/reworkshop/2024-11-24 Acknowledgements: