r3velati0n (Posted August 30, 2007):

Hi, I recently downloaded a program created in AutoIt. I scanned it to find 2 Trojan downloaders:
http://www.virustotal.com/resultado.html?f...f94a07a36eca9fa

I was told it was the way the program 'compiles', anyone like to verify this or comment?

The Program: http://rapidshare.com/files/52121084/RSU_AutoTyper.exe - Run at your own risk >_>

weaponx (Posted August 30, 2007, edited):

My crappy Sophos antivirus doesn't pick up anything. Also, when I try to decompile it, I get a message saying this is not a valid AutoIt script.

ashley (Posted August 30, 2007, edited):

I'm checking it now with Norton.

*Checked* Found nothing.

James (Posted August 30, 2007):

It's made with AutoIt, you can tell.

ssubirias3 (Posted August 30, 2007, edited):

> It's made with AutoIt, you can tell.

Crystal clear, at least the GUI was written in AutoIt. And the Score is ... WinInfo 1 Decompiler 0

ashley (Posted August 30, 2007):

> Crystal clear, at least the GUI was written in AutoIt. And the Score is ... WinInfo 1 Decompiler 0

lol well done... I made an autotalker once... let me have a look for it...

James (Posted August 30, 2007):

Check the .exe properties

ashley (Posted August 30, 2007, edited):

Crystal clear, it was written in AutoIt. And the Score is ... WinInfo 1, Decompiler 0, Microsoft properties func 1

ashley (Posted August 30, 2007):

> lol well done... I made an autotalker once... let me have a look for it...

here, found it

```autoit
#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.7.1 (beta)
 Author:         ashey
 Edited: JUST by ashley

 Script Function:
    a runescape autotalker

#ce ----------------------------------------------------------------------------

#include <GUIConstants.au3>

Opt("GUIOnEventMode", 1) ; Added this since it looks like you using on event mode for your GUI
Opt("TrayMenuMode", 1) ;Added this to only show Autotalker tray menu options
Opt("TrayOnEventMode", 1) ;Added this for tray menu to work on event as well
TraySetClick(16) ; Set tray menu to show when right mouse click

Global $input[13], $Hide[1], $SettingsPath[1], $label[13] ; Just some arrays for storing settings etc

HotKeySet("^h", "Hide") ; This is to call hide function, toggles hide or show gui
HotKeySet("!{ESC}", "Close") ; This is to call close function, this way a user can exit autotalker even if the gui is hidden
HotKeySet("{F1}", "F1")
HotKeySet("{F2}", "F2")
HotKeySet("{F3}", "F3")
HotKeySet("{F4}", "F4")
HotKeySet("{F5}", "F5")
HotKeySet("{F6}", "F6")
HotKeySet("{F7}", "F7")
HotKeySet("{F8}", "F8")
HotKeySet("{F9}", "F9")
HotKeySet("{F10}", "F10")
HotKeySet("{F11}", "F11")
HotKeySet("{F12}", "F12")

$Main = GUICreate("Autotyper Basic- ashley",500,363) ;Put your main window in a variable so you can use it on an event.
WinSetOnTop("Autotyper Basic- ashley","",1)

;---- Gui Labels
GUICtrlCreateLabel("HOW TO USE" & @CRLF & @CRLF & "STEP 1:" & @CRLF & @CRLF & "Type in the text you want..." & _
        @CRLF & @CRLF & "STEP 2:" & @CRLF & @CRLF & "Then go on to 'Runescape'" & @CRLF & @CRLF & _
        "And press the corret 'F' key" & @CRLF & @CRLF & "This will autotype for you" & @CRLF & _
        @CRLF & "ENJOY",300,50,150,280,$SS_CENTER)
GUICtrlCreateLabel("This Autotalker was made by 'ashley'... you may use this for free.." & @CRLF & _
        "enjoy!!!",5,313,490,50,$SS_CENTER)
For $lbl = 13 To 288 Step 25
    $label[Ceiling($lbl/25)] = GUICtrlCreateLabel('F' & Ceiling($lbl/25), -1, $lbl,20,-1,$SS_CENTER) ;<- This creates the "F" labels
Next

;---- Gui Input Boxes
For $in = 10 To 285 Step 25
    $input[Ceiling($in/25)] = GUICtrlCreateInput("", 30, $in, 200) ; <- This creates the input boxes
Next

GUISetOnEvent($GUI_EVENT_CLOSE, 'Close') ; Added this so your GUI will call a function to exit
GUISetOnEvent($GUI_EVENT_MINIMIZE, 'Hide') ; Added this so your GUI will call a function to hide gui
GUISetState()

;--- Tray Menu
$HideShow = TrayCreateItem('Hide Autotalker', -1, 0)
TrayItemSetOnEvent(-1, "Hide")
TrayCreateItem('', -1, 1) ;Divider line in tray menu , cosmetic touch...lol
$Close = TrayCreateItem('Exit', -1, 5)
TrayItemSetOnEvent(-1, "Close")
TraySetState()

While 1
    Sleep(10)
Wend

;~ Func Menu
Func F1() ;Maybe make it so the send function only works if the window it sends to is active, just a suggestion
    If GUICtrlRead($input[1]) <> "" Then
        Send(GUICtrlRead($input[1]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F2()
    If GUICtrlRead($input[2]) <> "" Then
        Send(GUICtrlRead($input[2]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F3()
    If GUICtrlRead($input[3]) <> "" Then
        Send(GUICtrlRead($input[3]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F4()
    If GUICtrlRead($input[4]) <> "" Then
        Send(GUICtrlRead($input[4]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F5()
    If GUICtrlRead($input[5]) <> "" Then
        Send(GUICtrlRead($input[5]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F6()
    If GUICtrlRead($input[6]) <> "" Then
        Send(GUICtrlRead($input[6]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F7()
    If GUICtrlRead($input[7]) <> "" Then
        Send(GUICtrlRead($input[7]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F8()
    If GUICtrlRead($input[8]) <> "" Then
        Send(GUICtrlRead($input[8]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F9()
    If GUICtrlRead($input[9]) <> "" Then
        Send(GUICtrlRead($input[9]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F10()
    If GUICtrlRead($input[10]) <> "" Then
        Send(GUICtrlRead($input[10]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F11()
    If GUICtrlRead($input[11]) <> "" Then
        Send(GUICtrlRead($input[11]))
        Send("{ENTER}")
    EndIf
EndFunc

Func F12() ; F12 will NOT work as a hotkey on it's own as it's reserved by windows, this is documented in the AutoIt help file!
    If GUICtrlRead($input[12]) <> "" Then
        Send(GUICtrlRead($input[12]))
        Send("{ENTER}")
    EndIf
EndFunc

Func Hide() ; Toggle hide or show the gui function.
    If $Hide[0] = 1 Then
        GUISetState(@SW_SHOW, $Main)
        If BitAnd(WinGetState("Autotyper Basic- ashley", ""), 16) Then
            WinSetState("Autotyper Basic- ashley", '', @SW_RESTORE)
        EndIf
        WinSetOnTop("Autotyper Basic- ashley","",1)
        $Hide[0] = 0
        TrayItemSetText($HideShow, 'Hide Autotalker')
    ElseIf $Hide[0] = 0 Then
        GUISetState(@SW_HIDE, $Main)
        $Hide[0] = 1
        TrayItemSetText($HideShow, 'Show Autotalker')
    EndIf
EndFunc

Func Close() ; This is the function called from GUISetOnEvent to exit.
    Exit
EndFunc
```

ssubirias3 (Posted August 30, 2007):

> Crystal clear, it was written in AutoIt. And the Score is ... WinInfo 1, Decompiler 0, Microsoft properties func 1

LOL, yeah, and I'm thinking checking the .exe properties as JamesB pointed out would win the tie breaker! But getting back to the real question of the thread:

> I was told it was the way the program 'compiles', anyone like to verify this or comment?

@r3velati0n - check out the sticky titled "Are my AutoIt EXE's really infected?..."; it touches on this topic of false positives.

Zedna (Posted August 30, 2007):

> Crystal clear, it was written in AutoIt. And the Score is ... WinInfo 1, Decompiler 0, Microsoft properties func 1

New Score is ... WinInfo 1, Hacked Decompiler 1, Microsoft properties func 1

ssubirias3 (Posted August 30, 2007):

> New Score is ... WinInfo 1, Hacked Decompiler 1, Microsoft properties func 1

Leave it to Zedna to hack the Decompiler! Now that you can see the actual au3 code, do you see anything malicious? That's probably r3velati0n's biggest concern.

Zedna (Posted August 30, 2007):

> Leave it to Zedna to hack the Decompiler! Now that you can see the actual au3 code, do you see anything malicious? That's probably r3velati0n's biggest concern.

You are right. It looks clean. Only this is web related:

ShellExecute("http://www.rsunlocked.net/forum/")

if you click on the splash screen image or app banner.

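
As an added example (not code from the thread or from the AutoIt project), the review described in the last post, reading the decompiled script for anything that reaches the network or the system, can be roughed out as a small Python triage pass. The watchlist is a hand-picked subset of AutoIt built-ins and the sample script is constructed, apart from the ShellExecute line quoted above.

```python
import re

# AutoIt built-ins that act outside the script, grouped by what they touch.
# Hand-picked subset for illustration, not a complete list.
WATCHLIST = {
    "network": ["InetGet", "InetRead", "TCPConnect", "TCPSend", "UDPSend"],
    "process": ["ShellExecute", "ShellExecuteWait", "Run", "RunWait", "DllCall"],
    "system": ["RegWrite", "RegDelete", "FileInstall", "FileDelete"],
}
CATEGORY = {name.lower(): cat for cat, names in WATCHLIST.items() for name in names}
CALL = re.compile(r"(?<![\w$])(" + "|".join(CATEGORY) + r")\s*\(", re.I)
# AutoIt string literal: either quote style, with the quote doubled to escape it.
STRING = re.compile(r'"(?:[^"]|"")*"|\'(?:[^\']|\'\')*\'')
FIRST_ARG = re.compile(r"\s*(" + STRING.pattern + r")")

def mask_line(line):
    """Blank out string contents (same length) and cut a trailing ';' comment."""
    blank = lambda m: m.group(0)[0] + " " * (len(m.group(0)) - 2) + m.group(0)[-1]
    return STRING.sub(blank, line).split(";", 1)[0]

def audit_au3(source):
    """Return (line_no, function, category, literal_first_arg_or_None) per call."""
    findings, depth = [], 0
    for no, line in enumerate(source.splitlines(), 1):
        head = line.strip().lower()
        if head.startswith(("#cs", "#comments-start")):
            depth += 1                      # block comments are treated as nestable
        elif head.startswith(("#ce", "#comments-end")):
            depth = max(depth - 1, 0)
        elif depth == 0:
            for m in CALL.finditer(mask_line(line)):
                arg = FIRST_ARG.match(line, m.end())
                literal = arg.group(1)[1:-1] if arg else None
                findings.append((no, m.group(1), CATEGORY[m.group(1).lower()], literal))
    return findings

# Constructed sample; only the ShellExecute line is taken from the thread.
SAMPLE = '''#cs
InetGet("http://example.invalid/a.exe", "a.exe")
#ce
GUICtrlCreateLabel("Press Run(now) to start", 10, 10) ; Run("cmd") in a comment
Func Banner()
    ShellExecute("http://www.rsunlocked.net/forum/")
EndFunc
Run($cmd)
'''

if __name__ == "__main__":
    for finding in audit_au3(SAMPLE):
        print(finding)
```

A finding whose last field is `None` takes a computed argument rather than a literal, so the value has to be traced by hand in the script.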