Posible cabal bot

Page 1 of 3 1 23
11/05/2007 10:29 Crazycrack#1
Hey there i found some taiwan (well i think it was taiwan...) forum and as much as i can understand they say that they got a Cabal online bot so i need some1 to confirm if its true or not i am posting it here i scanned it for viruses and it seems to be clean if some1 will manage to make it run please share the info how to do it .
Link:

Cheers
11/05/2007 12:13 vivian62#2
Lol don't enter your ID an PA he just need hack you -_- ban it don't dl.


vivian62
11/05/2007 12:19 Crazycrack#3
This bot(If it is bot) it connects to taiwan or what ever country it is cabal server just open UserInfo\config.ini ....

P.S. There are some Cabal client files maps and some others and here i found screen of ver 1.5 but i dunno if its real [Only registered and activated users can see links. Click Here To Register...]
And here the screen of bot launched [Only registered and activated users can see links. Click Here To Register...]

I found out some functions of it: useitem,pickup,attack monster,cripple walk,auto sell to player shop,smooth walk,avoid monster,semi-auto sell to npc,smart money boom pickup,auto walk buy/sell (same map) and some more.
11/05/2007 13:06 KamikadZee#4
and it realy Works? or it's just the simple Spam keyloger or other shit ?
11/05/2007 13:09 Crazycrack#5
I dont know i havent runned it i need some1 who understands in this kind of stuff to check it out.
P.S. I wrote an email to the guy who claims that have created this bot for more information about it and possible translation of it into English.
11/05/2007 13:19 KamikadZee#6
Dont sure if it safe
Antivirus;Version;Last Update;Result
AhnLab-V3;2007.11.5.0;2007.11.05;-
AntiVir;7.6.0.30;2007.11.05;-
Authentium;4.93.8;2007.11.03;-
Avast;4.7.1074.0;2007.11.04;-
AVG;7.5.0.503;2007.11.05;-
BitDefender;7.2;2007.11.05;-
CAT-QuickHeal;9.00;2007.11.03;(Suspicious) - DNAScan
ClamAV;0.91.2;2007.11.04;-
DrWeb;4.44.0.09170;2007.11.05;DLOADER.Trojan
eSafe;7.0.15.0;2007.10.28;-
eTrust-Vet;31.2.5264;2007.11.02;-
Ewido;4.0;2007.11.05;-
FileAdvisor;1;2007.11.05;-
Fortinet;3.11.0.0;2007.10.19;-
F-Prot;4.4.2.54;2007.11.05;-
F-Secure;6.70.13030.0;2007.11.05;-
Ikarus;T3.1.1.12;2007.11.05;Trojan-Spy.Win32.Ardamax.i
Kaspersky;7.0.0.125;2007.11.05;-
McAfee;5155;2007.11.02;-
Microsoft;1.2908;2007.11.05;-
NOD32v2;2637;2007.11.05;-
Norman;5.80.02;2007.11.05;-
Panda;9.0.0.4;2007.11.04;Suspicious file
Prevx1;V2;2007.11.05;Heuristic: Suspicious Self Modifying File
Rising;20.17.01.00;2007.11.05;-
Sophos;4.23.0;2007.11.05;-
Sunbelt;2.2.907.0;2007.11.02;VIPRE.Suspicious
Symantec;10;2007.11.05;-
TheHacker;6.2.9.110;2007.10.27;-
VBA32;3.12.2.4;2007.11.03;-
VirusBuster;4.3.26:9;2007.11.04;-
Webwasher-Gateway;6.6.1;2007.11.05;Win32.Malware.gen (suspicious)

Additional information
File size: 2289259 bytes
MD5: 28165c3347f03c9152117874e19d9a96
SHA1: 2e5e33ffdd5835cccf52fdc293e7468cadc6e383
packers: Edit, PE_Patch
Prevx info: [Only registered and activated users can see links. Click Here To Register...]
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
11/05/2007 13:42 x901#7
i tried it when i write user name and pass it says strange words i can't read the language any help????
11/05/2007 13:51 KamikadZee#8
same here



i dont think it;s for Eu Cabal dont wokr for me
11/05/2007 14:15 -Chrome-#9
Quote:
Originally Posted by KamikadZee View Post
Ikarus;T3.1.1.12;2007.11.05;Trojan-Spy.Win32.Ardamax.i
ardamax is a keylogger :)
11/05/2007 17:52 x901#10
yes i know then o deleted it all
11/06/2007 01:14 rinleez#11
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Bot.exe.....


well the executor looks clean and maybe some dll files look ifnected.. look at config.ini maybe we try change it to cabal addresses
11/06/2007 14:18 soundwave3#12
also we should change enc files :] but anyway i don't think that this will work for europe cabal
11/06/2007 19:05 Bzzz#13
Quote:
Originally Posted by soundwave3 View Post
also we should change enc files :] but anyway i don't think that this will work for europe cabal
I try connect to European server. But it gives the error message.
11/07/2007 00:15 soundwave3#14
what error message? by the way this bot for xtrap and we got gg..
11/07/2007 06:12 Bzzz#15
Quote:
Originally Posted by soundwave3 View Post
what error message? by the way this bot for xtrap and we got gg..
there is all in hieroglyphic :confused:
Page 1 of 3 1 23