r3velati0n

Trojan?

13 posts in this topic

#2 ·  Posted (edited)

My crappy Sophos antivirus doesn't pick up anything. Also when I try to decompile it, I get a message saying this is not a valid autoit script.

Edited by weaponx


#5 ·  Posted (edited)

It's made with AutoIt, you can tell.

Crystal clear, at least the GUI was written in AutoIt. And the Score is ... WinInfo 1 Decompiler 0 :)

Posted Image

Edited by ssubirias3


Crystal clear, at least the GUI was written in AutoIt. And the Score is ... WinInfo 1 Decompiler 0 :)

Posted Image

lol well done...

I made an autotalker once... let me have a look for it...


#8 ·  Posted (edited)

Crystal clear, it was written in AutoIt. And the Score is ... WinInfo 1, Decompiler 0, Microsoft properties func 1

Posted Image

Edited by ashley


lol well done...

I made an autotalker once... let me have a look for it...

Here, found it:

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.7.1 (beta)
 Author:         ashey
 Edited: JUST by ashley
 
 Script Function:
    a runescape autotalker

#ce ----------------------------------------------------------------------------


#include <GUIConstants.au3>

Opt("GUIOnEventMode", 1) ; Added this since it looks like you using on event mode for your GUI
Opt("TrayMenuMode", 1) ;Added this to only show Autotalker tray menu options
Opt("TrayOnEventMode", 1) ;Added this for tray menu to work on event as well

TraySetClick(16) ; Set tray menu to show when right mouse click

Global $input[13], $Hide[1], $SettingsPath[1],  $label[13] ; Just some arrays for storing settings etc


HotKeySet("^h", "Hide") ; This is to call hide function, toggles hide or show gui
HotKeySet("!{ESC}", "Close") ; This is to call close function, this way a user can exit autotalker even if the gui is hidden
HotKeySet("{F1}", "F1")
HotKeySet("{F2}", "F2")
HotKeySet("{F3}", "F3")
HotKeySet("{F4}", "F4")
HotKeySet("{F5}", "F5")
HotKeySet("{F6}", "F6")
HotKeySet("{F7}", "F7")
HotKeySet("{F8}", "F8")
HotKeySet("{F9}", "F9")
HotKeySet("{F10}", "F10")
HotKeySet("{F11}", "F11")
HotKeySet("{F12}", "F12")

$Main = GUICreate("Autotyper Basic- ashley",500,363) ;Put your main window in a variable so you can use it on an event.
WinSetOnTop("Autotyper Basic- ashley","",1)

;---- Gui Labels
GUICtrlCreateLabel("HOW TO USE" & @CRLF & @CRLF & "STEP 1:" & @CRLF & @CRLF & "Type in the text you want..." & _
                    @CRLF & @CRLF & "STEP 2:" & @CRLF & @CRLF & "Then go on to 'Runescape'" & @CRLF & @CRLF & _
                    "And press the correct 'F' key" & @CRLF & @CRLF & "This will autotype for you" & @CRLF & _
                    @CRLF & "ENJOY",300,50,150,280,$SS_CENTER)
GUICtrlCreateLabel("This Autotalker was made by 'ashley'... you may use this for free.." & @CRLF & _
                    "enjoy!!!",5,313,490,50,$SS_CENTER)

For $lbl = 13 To 288 Step 25
    $label[Ceiling($lbl/25)] = GUICtrlCreateLabel('F' & Ceiling($lbl/25), -1, $lbl,20,-1,$SS_CENTER) ;<- This creates the "F" labels
Next



;---- Gui Input Boxes
For $in = 10 To 285 Step 25
    $input[Ceiling($in/25)] = GUICtrlCreateInput("", 30, $in, 200) ; <- This creates the input boxes
Next

GUISetOnEvent($GUI_EVENT_CLOSE, 'Close') ; Added this so your GUI will call a function to exit
GUISetOnEvent($GUI_EVENT_MINIMIZE, 'Hide') ; Added this so your GUI will call a function to hide gui

GUISetState()

;--- Tray Menu
$HideShow = TrayCreateItem('Hide Autotalker',  -1, 0)
TrayItemSetOnEvent(-1, "Hide")

TrayCreateItem('',  -1, 1) ;Divider line in tray menu , cosmetic touch...lol


$Close = TrayCreateItem('Exit',  -1, 5)
TrayItemSetOnEvent(-1, "Close")

TraySetState()

While 1
    Sleep(10)
Wend

;~ Func Menu

Func F1() ;Maybe make it so the send function only works if the window it sends to is active, just a suggestion
    If GUICtrlRead($input[1]) <> "" Then
        Send(GUICtrlRead($input[1]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F2()
    If GUICtrlRead($input[2]) <> "" Then
        Send(GUICtrlRead($input[2]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F3()
    If GUICtrlRead($input[3]) <> "" Then
        Send(GUICtrlRead($input[3]))
        Send("{ENTER}")
    EndIf   
EndFunc

Func F4()
    If GUICtrlRead($input[4]) <> "" Then
        Send(GUICtrlRead($input[4]))
        Send("{ENTER}")
    EndIf   
EndFunc

Func F5()
    If GUICtrlRead($input[5]) <> "" Then
        Send(GUICtrlRead($input[5]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F6()
    If GUICtrlRead($input[6]) <> "" Then
        Send(GUICtrlRead($input[6]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F7()
    If GUICtrlRead($input[7]) <> "" Then 
        Send(GUICtrlRead($input[7]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F8()
    If GUICtrlRead($input[8]) <> "" Then 
        Send(GUICtrlRead($input[8]))
        Send("{ENTER}")
    EndIf   
EndFunc

Func F9()
    If GUICtrlRead($input[9]) <> "" Then 
        Send(GUICtrlRead($input[9]))
        Send("{ENTER}")
    EndIf   
EndFunc

Func F10()
    If GUICtrlRead($input[10]) <> "" Then 
        Send(GUICtrlRead($input[10]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F11()
    If GUICtrlRead($input[11]) <> "" Then 
        Send(GUICtrlRead($input[11]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F12() ; F12 will NOT work as a hotkey on its own as it's reserved by Windows, this is documented in the AutoIt help file!
    If GUICtrlRead($input[12]) <> "" Then 
        Send(GUICtrlRead($input[12]))
        Send("{ENTER}")
    EndIf   
EndFunc

Func Hide() ; Toggle hide or show the gui function.
    If $Hide[0] = 1 Then
        GUISetState(@SW_SHOW, $Main)
        If BitAnd(WinGetState("Autotyper Basic- ashley", ""), 16) Then
            WinSetState("Autotyper Basic- ashley", '', @SW_RESTORE)
        EndIf
        WinSetOnTop("Autotyper Basic- ashley","",1)
        $Hide[0] = 0
        TrayItemSetText($HideShow, 'Hide Autotalker')
    ElseIf $Hide[0] = 0 Then
        
        GUISetState(@SW_HIDE, $Main)
        $Hide[0] = 1
        TrayItemSetText($HideShow, 'Show Autotalker')
    EndIf
EndFunc



Func Close() ; This is the function called from GUISetOnEvent to exit.
    Exit
EndFunc


Crystal clear, it was written in AutoIt. And the Score is ... WinInfo 1, Decompiler 0, Microsoft properties func 1

LOL, yeah and I'm thinking checking the .exe properties as JamesB pointed out would win the tie breaker! But getting back to the real question of the thread:

I was told it was the way the program 'compiles', anyone like to verify this or comment?

@r3velati0n - check out the sticky titled "Are my AutoIt EXE's really infected?..."; it touches on this topic of false positives.


Crystal clear, it was written in AutoIt. And the Score is ... WinInfo 1, Decompiler 0, Microsoft properties func 1

New Score is ... WinInfo 1, Hacked Decompiler 1, Microsoft properties func 1 :)


New Score is ... WinInfo 1, Hacked Decompiler 1, Microsoft properties func 1 ;)

Leave it to Zedna to hack the Decompiler! :) Now that you can see the actual au3 code, do you see anything malicious? That's probably r3velati0n's biggest concern.

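Added example, not code from any poster in this thread: a first-pass static triage in Python for the question the last post raises, listing which capability-bearing AutoIt built-ins a recovered .au3 source actually calls while ignoring names that only appear in comments or string literals. The RISKY grouping and the SAMPLE script are assumptions constructed for illustration; the function names in it are standard AutoIt built-ins.

```python
import re

# Built-in AutoIt functions a reviewer would want justified, grouped by capability.
# The grouping is an assumption of this example, not an official classification.
RISKY = {
    "network": {"InetGet", "InetRead", "TCPConnect", "TCPSend", "UDPSend"},
    "execution": {"Run", "RunWait", "ShellExecute", "ShellExecuteWait", "DllCall"},
    "filesystem_registry": {"RegWrite", "RegDelete", "FileInstall", "FileCopy", "FileDelete"},
    "input": {"HotKeySet", "Send", "ControlSend"},
}

def strip_noise(source):
    """Drop #cs/#ce blocks, ';' comments and string literals so only code remains."""
    kept, in_block = [], False
    for line in source.splitlines():
        word = (line.split() or [""])[0].lower()
        if word in ("#cs", "#comments-start"):
            in_block = True
        elif word in ("#ce", "#comments-end"):
            in_block = False
        elif not in_block:
            # Blank out literals first: a ';' inside quotes is not a comment.
            line = re.sub(r'"[^"]*"|\'[^\']*\'', '""', line)
            kept.append(line.split(";", 1)[0])
    return "\n".join(kept)

def triage(source):
    """Return {category: sorted names} for risky built-ins that are actually called."""
    # AutoIt is case-insensitive, so compare lowercased names.
    called = {m.lower() for m in re.findall(r"\b([A-Za-z_]\w*)\s*\(", strip_noise(source))}
    hits = {}
    for category, names in RISKY.items():
        found = sorted(n for n in names if n.lower() in called)
        if found:
            hits[category] = found
    return hits

# Constructed sample: a few lines in the style of the autotalker posted above.
SAMPLE = '''#cs
 This header mentions InetGet( and Run( but is only a comment
#ce
HotKeySet("{F1}", "F1") ; RegWrite( in a comment must not count
Func F1()
    Send(GUICtrlRead($input[1]) & "; Run(x)")
EndFunc
'''

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty result only means none of the listed built-ins are called; it does not replace reading the source.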
