|
|
|
Page 1 of 3 |
[ 37 posts ] |
1, 2, 3 Next
|
 Darkfall Assist : Darkfall Online - Submissions
|
|
| Posted: August 30th, 2010, 10:40 am
|
|
|
|
seand88
Total Posts: 8
Joined: August 30th, 2010, 10:35 am
seand88's Reps: 0
|
|
I got a copy of a useful tool for darkfall.
Posted in on my website at http://dfassist.com/
This is supposively used by all of VAMP and other darkfall vets.
It an auto it script that loads a .dll file and works by using pixel color detection etc...
Thought might be useful. Has melee,magic macro, auto armor equip etc...
|
|
|
|
|
| Posted: August 30th, 2010, 3:14 pm
|
|
|
|
bardik
Total Posts: 44
Joined: November 10th, 2009, 10:59 am
bardik's Reps: 13
|
|
Anyone tested this. Looks kinda shady. I've never heard anything about this.
|
|
|
|
|
| Posted: August 31st, 2010, 6:35 am
|
|
|
|
seand88
Total Posts: 8
Joined: August 30th, 2010, 10:35 am
seand88's Reps: 0
|
|
i received it from my brother who also plays darkfall and they have been using it for a while.
The download has the source code in it so you can look at the code.....
|
|
|
|
|
| Posted: August 31st, 2010, 9:20 am
|
|
|
|
hokuto78
Total Posts: 421
Joined: August 24th, 2006, 8:12 pm
hokuto78's Reps: 441
|
|
I wouldn't touch this. It has a Win32.Banker which steals personal information.
Antivirus results
AhnLab-V3 - 2010.08.31.01 - 2010.08.31 - -
AntiVir - 8.2.4.46 - 2010.08.31 - -
Antiy-AVL - 2.0.3.7 - 2010.08.31 - -
Authentium - 5.2.0.5 - 2010.08.31 - -
Avast - 4.8.1351.0 - 2010.08.31 - -
Avast5 - 5.0.594.0 - 2010.08.31 - -
AVG - 9.0.0.851 - 2010.08.31 - -
BitDefender - 7.2 - 2010.08.31 - -
CAT-QuickHeal - 11.00 - 2010.08.31 - -
ClamAV - 0.96.2.0-git - 2010.08.31 - -
Comodo - 5924 - 2010.08.31 - -
DrWeb - 5.0.2.03300 - 2010.08.31 - -
Emsisoft - 5.0.0.37 - 2010.08.31 - -
eSafe - 7.0.17.0 - 2010.08.30 - Win32.Banker
eTrust-Vet - 36.1.7828 - 2010.08.31 - -
F-Prot - 4.6.1.107 - 2010.08.31 - -
F-Secure - 9.0.15370.0 - 2010.08.31 - -
Fortinet - 4.1.143.0 - 2010.08.31 - -
GData - 21 - 2010.08.31 - -
Ikarus - T3.1.1.88.0 - 2010.08.31 - -
Jiangmin - 13.0.900 - 2010.08.30 - -
K7AntiVirus - 9.63.2396 - 2010.08.30 - -
Kaspersky - 7.0.0.125 - 2010.08.31 - -
McAfee - 5.400.0.1158 - 2010.08.31 - -
McAfee-GW-Edition - 2010.1B - 2010.08.31 - -
Microsoft - 1.6103 - 2010.08.31 - -
NOD32 - 5412 - 2010.08.31 - -
Norman - 6.05.11 - 2010.08.31 - -
nProtect - 2010-08-31.01 - 2010.08.31 - -
Panda - 10.0.2.7 - 2010.08.31 - -
PCTools - 7.0.3.5 - 2010.08.31 - -
Prevx - 3.0 - 2010.08.31 - -
Rising - 22.63.01.04 - 2010.08.31 - -
Sophos - 4.56.0 - 2010.08.31 - -
Sunbelt - 6818 - 2010.08.31 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.08.31 - Trojan.Agent/Gen-Goo.Process
Symantec - 20101.1.1.7 - 2010.08.31 - -
TheHacker - 6.5.2.1.359 - 2010.08.31 - -
TrendMicro - 9.120.0.1004 - 2010.08.31 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.08.31 - -
VBA32 - 3.12.14.0 - 2010.08.31 - -
ViRobot - 2010.8.31.4017 - 2010.08.31 - -
VirusBuster - 5.0.27.0 - 2010.08.31 - -
File info:
MD5: cd91e8e06b7984febe1f9f235c5428e5
SHA1: 3cc3f5bb0ffe5ac6b1b1384664c4878edec86dc6
SHA256: 0e0ef76933c43329b707b12c642ef225ff195c7946df2c43530800d82bde87a2
File size: 1188853 bytes
Scan date: 2010-08-31 17:16:29 (UTC)
|
|
|
|
|
| Posted: August 31st, 2010, 9:58 am
|
|
|
|
brockssn
Total Posts: 38
Joined: March 15th, 2009, 8:57 am
brockssn's Reps: 1
|
|
after looking at the site you dl it from you should realize its not worth downloading... lol
|
|
|
|
|
| Posted: August 31st, 2010, 12:07 pm
|
|
|
|
seand88
Total Posts: 8
Joined: August 30th, 2010, 10:35 am
seand88's Reps: 0
|
|
hmm, i just put it on the hosting site like i said.
I didnt pay to put it up professionaly.
Im not sure about this win32.banker?
Could this be a false positive? Its just an auto it script. Could you be more specific and tell me where you find the malicious code?
|
|
|
|
|
| Posted: August 31st, 2010, 1:20 pm
|
|
|
|
hokuto78
Total Posts: 421
Joined: August 24th, 2006, 8:12 pm
hokuto78's Reps: 441
|
|
If it was just an autoit script it wouldn't be flagged twice with info stealer virus.
|
|
|
|
|
| Posted: September 1st, 2010, 8:10 am
|
|
|
|
cattboy69
Total Posts: 103
Joined: April 1st, 2009, 9:03 pm
cattboy69's Reps: 22
|
seand88 (!empty($user->lang['WROTE'])) ? $user->lang['WROTE'] : ucwords(strtolower(str_replace('_', ' ', 'WROTE'))): hmm, i just put it on the hosting site like i said.
I didnt pay to put it up professionaly.
Im not sure about this win32.banker?
Could this be a false positive? Its just an auto it script. Could you be more specific and tell me where you find the malicious code?
Post autoit Code.
We are sharing community
|
|
|
|
|
| Posted: September 1st, 2010, 11:18 am
|
|
|
|
seand88
Total Posts: 8
Joined: August 30th, 2010, 10:35 am
seand88's Reps: 0
|
|
Would not let me post all the code here.
I uploaded just the code file to the website here.
http://dfassist.com/DFAssist.au3
|
|
|
|
|
| Posted: September 2nd, 2010, 12:56 pm
|
|
|
|
logite
Total Posts: 11
Joined: January 2nd, 2007, 7:05 am
logite's Reps: 0
|
|
My scans didn't pick up anything.. I still have it on a PC with nothing else on it though before I hear from others that say same.
I pasted the .au3 in pastebin
http://pastebin.com/Lnem3KaC
OP: Any other directions with it? I guess it just cast or melee's on a 2nd character until its health is low?
|
|
|
|
|
| Posted: September 2nd, 2010, 5:01 pm
|
|
|
|
hokuto78
Total Posts: 421
Joined: August 24th, 2006, 8:12 pm
hokuto78's Reps: 441
|
|
It looks like the original file has been changed. Here is the new results.
http://www.virustotal.com/file-scan/compact.html?id=2d6a7974221ec40184026b5cb2f04ee3ea626dbeeef5d7894426caeef61865c9-1283475304
|
|
|
|
|
| Posted: September 2nd, 2010, 7:49 pm
|
|
|
|
bardik
Total Posts: 44
Joined: November 10th, 2009, 10:59 am
bardik's Reps: 13
|
|
So what does the autoit script actually do?
|
|
|
|
|
| Posted: September 3rd, 2010, 5:52 am
|
|
|
|
logite
Total Posts: 11
Joined: January 2nd, 2007, 7:05 am
logite's Reps: 0
|
|
Disregard what I said about not finding any thing I picked up Trojan.Agent/Gen-goo. I'm glad I stuck it on a dummy pc. It looks like it was a legit app, but some jackass stuck a trojan on it.
|
|
|
|
|
| Posted: September 3rd, 2010, 8:08 am
|
|
|
|
cattboy69
Total Posts: 103
Joined: April 1st, 2009, 9:03 pm
cattboy69's Reps: 22
|
|
This is The Mercs- Rapidmelee macro.
It is a macro that allows a client to auto-melee and heal a dummy character by using pixel detection.
But, poster added trojan to file.
Ask TM for orinigal or ask Dim Hail -- Taken from code
"MsgBox(0, "Version", "DFAssist BY Diminished Hail: Complete Forever Version : " & $VER & " !@#$%^&* Resistant Build " & @CRLF & "WARNING! If you get this file THROUGH an EMAIL, I DO NOT promise it being free of ANY virurs's etc... Please download from DFTool.com")"
Until it is clean.
Nay
|
|
|
|
|
| Posted: September 3rd, 2010, 8:56 am
|
|
|
|
logite
Total Posts: 11
Joined: January 2nd, 2007, 7:05 am
logite's Reps: 0
|
cattboy69 (!empty($user->lang['WROTE'])) ? $user->lang['WROTE'] : ucwords(strtolower(str_replace('_', ' ', 'WROTE'))): This is The Mercs- Rapidmelee macro.
It is a macro that allows a client to auto-melee and heal a dummy character by using pixel detection.
But, poster added trojan to file.
Ask TM for orinigal or ask Dim Hail -- Taken from code
"MsgBox(0, "Version", "DFAssist BY Diminished Hail: Complete Forever Version : " & $VER & " !@#$%^&* Resistant Build " & @CRLF & "WARNING! If you get this file THROUGH an EMAIL, I DO NOT promise it being free of ANY virurs's etc... Please download from DFTool.com")"
Until it is clean.
Nay
It would sure be nice to have the original. That dfassist domain was registered in March this year. So I guess the OP has been planning this awhile.
http://www.networksolutions.com/whois-search/dfassist.com
|
|
|
|
|
|
Who is online |
|
| Users browsing this forum: No registered users and 8 guests |
|
|
|
Darkfall Assist : Darkfall Online - Submissions
RSS Feed
Sitemap
