KTibow / RatRater

Integrated Malware Analysis Environment: A site that tests 1.8.9 forge mods with known patterns from stealers, with tools to find more.
https://ktibow.github.io/RatRater/

Virus? #19

Closed Darkmonkey55 closed 1 year ago

Darkmonkey55 commented 1 year ago

I know this is an exe but I'm not sure where else to ask tbh. My antivirus (Norton's) says it is safe, 2 other websites say it is safe. But VirusTotal flags 2 things on it, one as trojan and one as malicious. The antivirus used for these on VirusTotal is DeepInstinct for malicious and a crappy one which I can't remember the name for but apparently is bad.

https://www.virustotal.com/gui/file/5c6ed44b5b054ebd8013475098f2e3e2db1d907f51448930bc7a8c65620005c2/detection

Would you be able to see if this is a rat or virus or smt? https://github.com/jven123/BreatheClicker

I need it for a server I play, the server allows 14 cps, but most autoclickers get the cps wrong or are toggle instead of holding it down.

KTibow commented 1 year ago

I don't know that much about .exe files, but I can tell you if VirusTotal only has 2 or 3 detections, the flags are probably false positives. I would recommend you ask in Vanta.

Darkmonkey55 commented 1 year ago

> I don't know that much about .exe files, but I can tell you if VirusTotal only has 2 or 3 detections, the flags are probably false positives. I would recommend you ask in Vanta.

Thanks for the response (that was insanely quick xD)

Sorry to be a pain but is there anywhere else to ask? Discord is blocked for me.

KTibow commented 1 year ago

FYI you should've scanned the main .exe. (It looks like pyinstaller) I'll ask someone and see if they can classify this.

Darkmonkey55 commented 1 year ago

Ok thanks... I'm not sure what pyinstaller is; is it bad?

KTibow commented 1 year ago

It means the code was originally in Python, and they turned it into an exe.

KTibow commented 1 year ago

I decompiled it. It could be that they injected something elsewhere, and of course you could always not autoclick, but the main program looks fine.

Decompiled main file

```python
# Source Generated with Decompyle++
# File: Breathe_Clicker.pyc (Python 3.9)
# Unsupported opcode: WITH_EXCEPT_START
import win32api
import win32con
import win32gui
import win32process
import psutil
import time
import threading
import random
import winsound
import os
import json
import subprocess
import sys
import asyncio
import itertools
import base64
import re
from dearpygui.dearpygui import dearpygui as dpg
from pypresence import Presence


class configListener(dict):
    # dict subclass that wraps nested dicts so every level is a configListener
    def __init__(self, initialDict):
        # Warning: block stack is not empty!
        for k, v in initialDict.items():
            if isinstance(v, dict):
                initialDict[k] = configListener(v)
        super().__init__(initialDict)

    def __setitem__(self, item, value):
        # Unsupported opcode: RERAISE
        if isinstance(value, dict):
            _value = configListener(value)
        else:
            _value = value
        super().__setitem__(item, _value)
        # WARNING: Decompyle incomplete

    __classcell__ = None  # decompiler artifact


class breathe:
    def __init__(self, hwid):
        # Unsupported opcode: RERAISE
        self.config = {
            'left': {
                'enabled': False, 'mode': 'Hold', 'bind': 0,
                'maxCPS': 12, 'minCPS': 12, 'onlyWhenFocused': True,
                'stap1': False, 'stapChance': 8, 'breakBlocks': False,
                'RMBLock': False, 'allowBlockHit': False, 'blockHit': False,
                'blockHitChance': 20, 'shakeEffect': False, 'shakeEffectForce': 5,
                'soundPath': '', 'workInMenus': False, 'blatant': False,
            },
            'right': {
                'enabled': False, 'mode': 'Hold', 'bind': 0,
                'maxCPS': 12, 'minCPS': 12, 'onlyWhenFocused': True,
                'eatAndDrink': False, 'LMBLock': False,
                'shakeEffect': False, 'shakeEffectForce': False,
                'soundPath': '', 'workInMenus': False, 'blatant': False,
            },
            'recorder': {'enabled': False, 'record': [0.08]},
            'misc': {
                'saveSettings': True, 'guiHidden': False,
                'bindHideGUI': 0, 'discordRichPresence': True,
            },
        }
        # WARNING: Decompyle incomplete

    def discordRichPresence(self):
        # Background loop updating Discord Rich Presence. The decompiler dropped
        # the `while True:` and left bare `continue`s; the loop is restored here.
        asyncio.set_event_loop(asyncio.new_event_loop())
        discordRPC = Presence('1067741426521215037')
        discordRPC.connect()
        startTime = time.time()
        states = ['Breathe Client']
        while True:
            if self.config['misc']['discordRichPresence']:
                discordRPC.update(
                    state=random.choice(states),
                    start=startTime,
                    large_text='Breathe Client',
                    buttons=[{'label': 'Discord Server', 'url': 'https://discord.gg/Jchr62cncP'}],
                )
            else:
                discordRPC.clear()
            time.sleep(15)

    def windowListener(self):
        # Unsupported opcode: RERAISE
        currentWindow = win32gui.GetForegroundWindow()
        self.realTitle = win32gui.GetWindowText(currentWindow)
        self.window = win32gui.FindWindow('LWJGL', None)
        # WARNING: Decompyle incomplete

    def leftClicker(self):
        # Left-click loop; self.record and self.focusedProcess are set in parts
        # the decompiler did not recover.
        while True:
            if not self.config['recorder']['enabled']:
                if self.config['left']['blatant']:
                    delay = 1 / random.choice([self.config['left']['maxCPS'], self.config['left']['minCPS']])
                else:
                    delay = random.random() % 2 / random.choice([self.config['left']['maxCPS'], self.config['left']['minCPS']])
            else:
                delay = float(next(self.record))
            if self.config['left']['enabled']:
                if not self.config['left']['mode'] == 'Hold' and win32api.GetAsyncKeyState(1) < 0:
                    time.sleep(delay)
                    continue
                if self.config['left']['RMBLock'] and win32api.GetAsyncKeyState(2) < 0:
                    time.sleep(delay)
                    continue
                if self.config['left']['onlyWhenFocused']:
                    if 'java' not in self.focusedProcess and 'AZ-Launcher' not in self.focusedProcess:
                        time.sleep(delay)
                        continue
                if not self.config['left']['workInMenus']:
                    cursorInfo = win32gui.GetCursorInfo()[1]
                    if cursorInfo > 50000 and cursorInfo < 100000:
                        time.sleep(delay)
                        continue
                if self.config['left']['onlyWhenFocused']:
                    threading.Thread(target=self.leftClick, args=(True,), daemon=True).start()
                else:
                    threading.Thread(target=self.leftClick, args=(None,), daemon=True).start()
            time.sleep(delay)

    def leftClick(self, focused):
        # focused != None: post messages to the game window; otherwise use global mouse events
        if focused != None:
            if self.config['left']['breakBlocks']:
                win32api.SendMessage(self.window, win32con.WM_LBUTTONDOWN, 0, 0)
            else:
                win32api.SendMessage(self.window, win32con.WM_LBUTTONDOWN, 0, 0)
                time.sleep(0.02)
                win32api.SendMessage(self.window, win32con.WM_LBUTTONUP, 0, 0)
            if (self.config['left']['blockHit'] or self.config['left']['blockHit']) and self.config['right']['enabled'] and self.config['right']['LMBLock'] and win32api.GetAsyncKeyState(2) < 0 and random.uniform(0, 1) <= self.config['left']['blockHitChance'] / 100:
                win32api.SendMessage(self.window, win32con.WM_RBUTTONDOWN, 0, 0)
                time.sleep(0.02)
                win32api.SendMessage(self.window, win32con.WM_RBUTTONUP, 0, 0)
            if not (self.config['left']['allowBlockHit'] or self.config['left']['allowBlockHit']) and self.config['right']['enabled'] and self.config['right']['LMBLock'] and win32api.GetAsyncKeyState(2) < 0:
                time.sleep(0.02)
                win32api.SendMessage(self.window, win32con.WM_RBUTTONUP, 0, 0)
            if self.config['left']['stap1'] and self.config['left']['onlyWhenFocused'] and random.uniform(0, 1) <= self.config['left']['stapChance'] / 100:
                randomdelay = [0.1, 0.156, 0.145, 0.125, 0.187, 0.105]
                win32api.keybd_event(83, 0, 0, 0)
                time.sleep(random.choice(randomdelay))
                win32api.keybd_event(83, 0, win32con.KEYEVENTF_KEYUP, 0)
        elif self.config['left']['breakBlocks']:
            win32api.mouse_event(win32con.MOUSEEVENTF_LEFTDOWN, 0, 0)
        else:
            win32api.mouse_event(win32con.MOUSEEVENTF_LEFTDOWN, 0, 0)
            time.sleep(0.02)
            win32api.mouse_event(win32con.MOUSEEVENTF_LEFTUP, 0, 0)
        if (self.config['left']['blockHit'] or self.config['left']['blockHit']) and self.config['right']['enabled'] and self.config['right']['LMBLock'] and win32api.GetAsyncKeyState(2) < 0 and random.uniform(0, 1) <= self.config['left']['blockHitChance'] / 100:
            win32api.mouse_event(win32con.MOUSEEVENTF_RIGHTDOWN, 0, 0)
            time.sleep(0.02)
            win32api.mouse_event(win32con.MOUSEEVENTF_RIGHTUP, 0, 0)
        if not (self.config['left']['allowBlockHit'] or self.config['left']['allowBlockHit']) and self.config['right']['enabled'] and self.config['right']['LMBLock'] and win32api.GetAsyncKeyState(2) < 0:
            time.sleep(0.02)
            win32api.mouse_event(win32con.MOUSEEVENTF_RIGHTUP, 0, 0)
        if self.config['left']['soundPath'] != '' and os.path.isfile(self.config['left']['soundPath']):
            winsound.PlaySound(self.config['left']['soundPath'], winsound.SND_ASYNC)
        if self.config['left']['shakeEffect']:
            currentPos = win32api.GetCursorPos()
            direction = random.randint(0, 3)
            pixels = random.randint(-self.config['left']['shakeEffectForce'], self.config['left']['shakeEffectForce'])
            if direction == 0:
                win32api.SetCursorPos((currentPos[0] + pixels, currentPos[1] - pixels))
            elif direction == 1:
                win32api.SetCursorPos((currentPos[0] - pixels, currentPos[1] + pixels))
            elif direction == 2:
                win32api.SetCursorPos((currentPos[0] + pixels, currentPos[1] + pixels))
            elif direction == 3:
                win32api.SetCursorPos((currentPos[0] - pixels, currentPos[1] - pixels))

    def leftBindListener(self):
        # Unsupported opcode: RERAISE
        pass
        # WARNING: Decompyle incomplete

    def rightClicker(self):
        while True:
            if self.config['right']['blatant']:
                delay = 1 / random.choice([self.config['right']['maxCPS'], self.config['right']['minCPS']])
            else:
                delay = random.random() % 2 / random.choice([self.config['right']['maxCPS'], self.config['right']['minCPS']])
            if self.config['right']['enabled']:
                if not self.config['right']['mode'] == 'Hold' and win32api.GetAsyncKeyState(2) < 0:
                    time.sleep(delay)
                    continue
                if self.config['right']['LMBLock'] and win32api.GetAsyncKeyState(1) < 0:
                    time.sleep(delay)
                    continue
                if self.config['right']['onlyWhenFocused']:
                    if 'java' not in self.focusedProcess and 'AZ-Launcher' not in self.focusedProcess:
                        time.sleep(delay)
                        continue
                if not self.config['right']['workInMenus']:
                    cursorInfo = win32gui.GetCursorInfo()[1]
                    if cursorInfo > 50000 and cursorInfo < 100000:
                        time.sleep(delay)
                        continue
                if self.config['right']['onlyWhenFocused']:
                    threading.Thread(target=self.rightClick, args=(True,), daemon=True).start()
                else:
                    threading.Thread(target=self.rightClick, args=(None,), daemon=True).start()
            time.sleep(delay)

    def rightClick(self, focused):
        if focused != None:
            if self.config['right']['eatAndDrink']:
                win32api.SendMessage(self.window, win32con.WM_RBUTTONDOWN, 0, 0)
            else:
                win32api.SendMessage(self.window, win32con.WM_RBUTTONDOWN, 0, 0)
                time.sleep(0.02)
                win32api.SendMessage(self.window, win32con.WM_RBUTTONUP, 0, 0)
        elif self.config['right']['eatAndDrink']:
            win32api.mouse_event(win32con.MOUSEEVENTF_RIGHTDOWN, 0, 0)
        else:
            win32api.mouse_event(win32con.MOUSEEVENTF_RIGHTDOWN, 0, 0)
            time.sleep(0.02)
            win32api.mouse_event(win32con.MOUSEEVENTF_RIGHTUP, 0, 0)
        if self.config['right']['soundPath'] != '' and os.path.isfile(self.config['right']['soundPath']):
            winsound.PlaySound(self.config['right']['soundPath'], winsound.SND_ASYNC)
        if self.config['right']['shakeEffect']:
            currentPos = win32api.GetCursorPos()
            direction = random.randint(0, 3)
            pixels = random.randint(-self.config['right']['shakeEffectForce'], self.config['right']['shakeEffectForce'])
            if direction == 0:
                win32api.SetCursorPos((currentPos[0] + pixels, currentPos[1] - pixels))
            elif direction == 1:
                win32api.SetCursorPos((currentPos[0] - pixels, currentPos[1] + pixels))
            elif direction == 2:
                win32api.SetCursorPos((currentPos[0] + pixels, currentPos[1] + pixels))
            elif direction == 3:
                win32api.SetCursorPos((currentPos[0] - pixels, currentPos[1] - pixels))

    def rightBindListener(self):
        # Unsupported opcode: RERAISE
        pass
        # WARNING: Decompyle incomplete

    def hideGUIBindListener(self):
        # Toggles the GUI window on the configured key; guiWindows is a global
        # defined in a part the decompiler did not recover.
        while True:
            if win32api.GetAsyncKeyState(self.config['misc']['bindHideGUI']) != 0:
                self.config['misc']['guiHidden'] = not self.config['misc']['guiHidden']
                if not self.config['misc']['guiHidden']:
                    win32gui.ShowWindow(guiWindows, win32con.SW_SHOW)
                else:
                    win32gui.ShowWindow(guiWindows, win32con.SW_HIDE)
                # wait for the key to be released before toggling again
                while win32api.GetAsyncKeyState(self.config['misc']['bindHideGUI']) != 0:
                    time.sleep(0.001)
            time.sleep(0.001)
        # WARNING: Decompyle incomplete
```

If you know enough about Python you could only run the decompiled code so nothing unknown could run.
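KTibow's two observations above (the exe "looks like pyinstaller", and PyInstaller means Python source was bundled into an exe) can be checked mechanically before anything is executed. The script below is an added example for this thread, not code from RatRater or from either clicker project. It assumes the PyInstaller 2.1+ CArchive layout: an 88-byte cookie at the end of the appended package, starting with the magic `MEI\014\013\012\013\016`, followed by a table of contents of `!iIIIBc` entries. Because the bootloader also contains a copy of that magic (it uses it to find its own payload), the cookie is located by searching from the end of the file. The sample archive, stub bytes, entry names and payloads are all constructed inline so the script runs offline.

```python
"""Triage helper: recognise a PyInstaller-packed executable and list what it bundles.

Added example (not RatRater code). Assumes the PyInstaller >= 2.1 CArchive layout:
an 88-byte cookie at the end of the appended package and a TOC of '!iIIIBc' entries.
"""
import struct
import zlib

PYINST_MAGIC = b"MEI\014\013\012\013\016"
# magic, package length, TOC offset, TOC length, python version, python DLL name
COOKIE_FMT = "!8sIIII64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)          # 88 bytes
# entry length, data offset, compressed size, uncompressed size, compression flag, type code
TOC_ENTRY_FMT = "!iIIIBc"
TOC_ENTRY_HDR = struct.calcsize(TOC_ENTRY_FMT)     # 18 bytes
TYPE_NAMES = {b"s": "script", b"z": "PYZ archive", b"b": "binary", b"x": "data",
              b"m": "module", b"M": "package", b"Z": "zip/egg", b"o": "option"}


def parse_archive(data: bytes):
    """Return {'python_version': (major, minor), 'entries': [...]} or None if not PyInstaller."""
    pos = data.rfind(PYINST_MAGIC)                  # cookie sits at the end of the package
    if pos < 0 or pos + COOKIE_SIZE > len(data):
        return None
    _magic, pkg_len, toc_off, toc_len, pyvers, _pylib = struct.unpack(
        COOKIE_FMT, data[pos:pos + COOKIE_SIZE])
    pkg_start = pos + COOKIE_SIZE - pkg_len         # TOC offsets are relative to the package start
    if pkg_start < 0:
        return None
    # PyInstaller 4+ stores major*100+minor (309 for 3.9); older builds stored major*10+minor
    major, minor = divmod(pyvers, 100) if pyvers >= 100 else divmod(pyvers, 10)
    toc = data[pkg_start + toc_off:pkg_start + toc_off + toc_len]
    entries, i = [], 0
    while i + TOC_ENTRY_HDR <= len(toc):
        entry_len, off, csize, usize, flag, typ = struct.unpack(
            TOC_ENTRY_FMT, toc[i:i + TOC_ENTRY_HDR])
        if entry_len < TOC_ENTRY_HDR:
            break                                   # corrupt TOC: stop rather than loop forever
        name = toc[i + TOC_ENTRY_HDR:i + entry_len].rstrip(b"\0").decode("utf-8", "replace")
        entries.append({"name": name, "type": TYPE_NAMES.get(typ, typ.decode("latin-1")),
                        "offset": pkg_start + off, "csize": csize, "usize": usize,
                        "compressed": flag == 1})
        i += entry_len
    return {"python_version": (major, minor), "entries": entries}


def extract_entry(data: bytes, entry: dict) -> bytes:
    """Return the raw bytes of one TOC entry, inflating zlib-compressed entries."""
    blob = data[entry["offset"]:entry["offset"] + entry["csize"]]
    return zlib.decompress(blob) if entry["compressed"] else blob


def main_scripts(info: dict):
    """Names of the 's' entries: the bundled entry-point scripts, i.e. what you would decompile."""
    return [e["name"] for e in info["entries"] if e["type"] == "script"]


def build_sample_archive(files):
    """Construct a minimal PyInstaller-style package behind a fake stub (test data only)."""
    body, toc = bytearray(), bytearray()
    for name, typ, payload in files:
        comp = zlib.compress(payload)
        name_b = name.encode() + b"\0"
        entry_len = TOC_ENTRY_HDR + len(name_b)
        pad = (-entry_len) % 16                     # real builds pad entries to 16-byte boundaries
        toc += struct.pack(TOC_ENTRY_FMT, entry_len + pad, len(body), len(comp), len(payload), 1, typ)
        toc += name_b + b"\0" * pad
        body += comp
    pkg_len = len(body) + len(toc) + COOKIE_SIZE
    cookie = struct.pack(COOKIE_FMT, PYINST_MAGIC, pkg_len, len(body), len(toc), 309, b"python39.dll")
    return b"MZ<constructed bootloader stub>" + bytes(body) + bytes(toc) + cookie


if __name__ == "__main__":
    # constructed sample: one entry-point script and one PYZ blob
    sample = build_sample_archive([("sample_main", b"s", b"print('hello')"),
                                   ("PYZ-00.pyz", b"z", b"\0" * 64)])
    info = parse_archive(sample)
    print("Python", info["python_version"], "entry points:", main_scripts(info))
    for e in info["entries"]:
        print(f"{e['type']:12} {e['name']:20} {e['usize']} bytes")
```

On a real sample you would read the whole exe into `data` and call `parse_archive` on it; a `None` result means no PyInstaller cookie was found, and a non-empty `main_scripts` list names the scripts to decompile. The `s` entries are stored as marshalled code without the usual `.pyc` header, so a decompiler needs a header for the reported Python version prepended first, which is what extraction tools do before handing the file to a decompiler such as the one used for the listing above. Checking every listed entry, not just the main script, is what addresses the caveat that something could have been "injected elsewhere".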

Darkmonkey55 commented 1 year ago

I know nothing abt python... Idk how to run decompiled code. Also the only reason I want to autoclick is because a server I play on allows it, and I don't want to get carpal tunnel.

Darkmonkey55 commented 1 year ago

Thanks so much for your help though!

Darkmonkey55 commented 1 year ago

> I decompiled it. It could be that they injected something elsewhere, and of course you could always not autoclick, but the main program looks fine.
>
> Decompiled main file
>
> If you know enough about Python you could only run the decompiled code so nothing unknown could run.

Would you also be able to check this? The other clicker wasn't a virus and it works good but u can't unbind the stuff

https://github.com/Pickleft/Swift/releases

If u can't I understand, also this is the last thing, I won't ask anything else xD

KTibow commented 1 year ago

That one is open source so you could compile it yourself if you trust it. It has many flags on VirusTotal but not on Triage. They might be false flags (because it has a self-destruct function) or real flags.

Darkmonkey55 commented 1 year ago

ahhh right.... How do you compile things?

Darkmonkey55 commented 1 year ago

I have 0 coding knowledge, so is there like a website or smt that just like automatically sets the information out or...

Darkmonkey55 commented 1 year ago

> That one is open source so you could compile it yourself if you trust it. It has many flags on VirusTotal but not on Triage. They might be false flags (because it has a self-destruct function) or real flags.

Does it look relatively clean, or does it look sketchy? (looking at the code and stuff) He has like 280 subs on YT, and it seems semi well-known, but yk risks

KTibow commented 1 year ago

if you need to use it, use it