
Suspicious File in the API

Posts: 24

Threads: 8

Joined: Jan, 2021

Reputation: 0

Posted

Looking through WRD API C#, I found that it needs a file named qdRFzx.exe, which is considered a dependency. I just want to know what it does.

Links to WRD API Data:
https://cdn.wearedevs.net/software/exploitapi/latestdata.json

https://raw.githubusercontent.com/WeAreDevs-Official/backups/master/wrdeapi.json

  • 0

We learn from mistakes or experience, well negative rep it's a very good experience

Knows Lua, C#, NodeJS

Learning C++, C and Reverse Engineering

Akula

Pv.Akula

vip

Posts: 221

Threads: 14

Joined: Apr, 2018

Reputation: 37

Replied

who knows? good question though, cba to go through to actually test it out. hopefully someone else answers for u

  • 0

Posts: 24

Threads: 8

Joined: Jan, 2021

Reputation: 0

Replied

@Akula I threw it into IDA, took a memory dump, there's little to no information about what it does or what it is used for, my skill might be too low to understand it right now, but thanks, I'll try finding someone who can actually understand what's going on with this

 

  • 0


Posts: 1008

Threads: 66

Joined: Sep, 2021

Reputation: 20

Replied

wrd api is suspicious. here is the text if you don't want to go to the url.

{"Indicium_Supra_dll":"https://cdn.discordapp.com/attachments/753114724215947267/929596805140852746/Indicium_Supra.dll","qdRFzx_exe":"https://cdn.discordapp.com/attachments/753114724215947267/929597026902093885/qdRFzx.exe","exploit-module":{"version":2774,"patched":false,"download":"https://cdn.discordapp.com/attachments/753114724215947267/942978994691772446/exploit-main.dll"},"csapi":{"version":4,"download":"https://cdn.discordapp.com/attachments/753114724215947267/934108283323699210/WeAreDevs_API.dll"}}
  • 0

"Building blocks of imagination, united in the virtual realm, where creativity thrives and friendships ignite. Welcome to the Roblox revolution!" - chatgpt

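An added example, not part of the original post and not WeAreDevs code: a short Python audit of the manifest quoted above. It lists every file the manifest points to, whether it is an executable, whether it is hosted somewhere other than the manifest's own host, and whether a hash field accompanies it. `MANIFEST_HOST` is taken from the first link in the thread; the hash key names it looks for are assumptions.

```python
import json
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Manifest text exactly as quoted in the post above.
MANIFEST = r'''{"Indicium_Supra_dll":"https://cdn.discordapp.com/attachments/753114724215947267/929596805140852746/Indicium_Supra.dll","qdRFzx_exe":"https://cdn.discordapp.com/attachments/753114724215947267/929597026902093885/qdRFzx.exe","exploit-module":{"version":2774,"patched":false,"download":"https://cdn.discordapp.com/attachments/753114724215947267/942978994691772446/exploit-main.dll"},"csapi":{"version":4,"download":"https://cdn.discordapp.com/attachments/753114724215947267/934108283323699210/WeAreDevs_API.dll"}}'''

MANIFEST_HOST = "cdn.wearedevs.net"   # host of the first manifest link in the thread
EXECUTABLE_EXTS = {".exe", ".dll"}
HASH_KEYS = {"sha256", "sha1", "md5", "hash", "checksum"}  # assumed key names


def walk(node, path=()):
    """Yield (key_path, url, sibling_keys) for each URL string in nested objects."""
    if not isinstance(node, dict):
        return
    for key, value in node.items():
        if isinstance(value, str) and value.startswith(("http://", "https://")):
            yield path + (key,), value, set(node)
        else:
            yield from walk(value, path + (key,))


def audit(manifest_text, manifest_host):
    """Return one finding per downloadable artifact named in the manifest."""
    findings = []
    for key_path, url, siblings in walk(json.loads(manifest_text)):
        parsed = urlparse(url)
        name = PurePosixPath(parsed.path).name
        findings.append({
            "key": ".".join(key_path),
            "file": name,
            "host": parsed.hostname,
            "executable": PurePosixPath(name).suffix.lower() in EXECUTABLE_EXTS,
            "off_host": parsed.hostname != manifest_host,
            # True only if the same object carries something that looks like a digest
            "has_hash": bool({s.lower() for s in siblings} & HASH_KEYS),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(MANIFEST, MANIFEST_HOST):
        print(finding)
```

For this manifest every entry is an executable served from a different host than the manifest, with no digest to verify the download against.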
 

Posts: 1477

Threads: 95

Joined: Oct, 2019

Reputation: 103

Replied

It's Dac Inject Calm Down Lmao

  • 0

Alternate

stop take my rice

vip

Posts: 710

Threads: 113

Joined: Mar, 2022

Reputation: 40

Replied

This is, as far as I know, part of the injection system. If you run the actual file, it brings up the API injection prompt. The WeAreDevs API commonly seems to use files with strange names such as "qdRFzx.exe" and even "i.exe" that are part of the injection system. Don't worry about this file.

 

EDIT: I did more research into it, and this file IS for the injection system, however the legacy injection system, not the main one. The WeAreDevs API has 2 injection methods: regular, and legacy. Legacy is an older method that can be detected, while regular is newer and has a way lower chance of being detected. The file "qdRFzx.exe" is for the legacy injection, not the main.

  • 0

test_bot2 is back

 

please stop taking my rice i need it to breathe

Posts: 512

Threads: 32

Joined: Aug, 2021

Reputation: 58

Replied

it's just the injector 

  • 1

Posts: 2016

Threads: 198

Joined: Apr, 2021

Reputation: 16

Replied

This is the injector, no need to worry.

  • 0

Random quote here...
