Update fnp_act_installer.yml

Update to include "ISDbg.exe" (40c88a5620a651b6af283dff83c4da997782784da7f85b94fc9b6c02a28862e7)
wietze · Feb 17, 2025 · 151dbc0 · 151dbc0
1 parent 7cdd9e9
commit 151dbc0
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/yml/3rd_party/flexera/fnp_act_installer.yml b/yml/3rd_party/flexera/fnp_act_installer.yml
@@ -12,10 +12,23 @@ VulnerableExecutables:
       - FileDescription: InstallShield Activation Wizard
     SHA256:
       - 'b5f9377bd27fcf48fb3d81d0196021681739f42a198e8340c27d55192d4bd3ac'
+  - Path: '%PROGRAMFILES%\InstallShield\%VERSION%\System\ISDbg.exe'
+    Type: Sideloading
+    ExpectedVersionInformation:
+      - FileDescription: InstallShield (R) Script Debugger
+    SHA256:
+      - '40c88a5620a651b6af283dff83c4da997782784da7f85b94fc9b6c02a28862e7'
+    ExpectedSignatureInformation:
+      - Subject: CN="Flexera Software LLC", O="Flexera Software LLC", L=Unknown, C=Unknown
+        Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O=DigiCert Inc, C=US
+        Type: Code Signing
 Resources:
   - https://asec.ahnlab.com/en/58319/
   - https://www.virustotal.com/gui/file/e7b69768215453b2c648d7060161ce9b9eaf1ace631eb2ac11b60a7195e2263e
 Acknowledgements:
   - Name: Jai Minton
     Company: Huntress
     Twitter: '@cyberrraiju'
+  - Name: Josh Allman
+    Company: Huntress
+    Twitter: '@xorjosh'