Custom Anti-Cheat "daruguard.dll"

[Vinceton]

 

I downloaded a popular private Archeage(an MMORPG) server called "Archeage Classic" and this server has a custom "Anti-cheat" dll file called Daruguard.dll. The server owner (goes by "Aguru" in discord) claims this is a professional grade anti-cheat file and it prevents practically all cheating. This file triggers many alarms across every anti-virus I've run it against but is said to just be false-positives due to the developer using VMPROTECT to obfuscate code to prevent cheaters from reversing it. Inorder to play this private server you are instructed to turn off your anti-virus or add the entire project folder as an exception. I've run the game with this dll loaded and modified memory and injected my own dll into the application and never received a warning or any punishment to my account over multiple instances. I was also able to completely bypass loading this module with the game. My intuition tells me that this file is no good and I'm looking for someone with more experience than me to take a look at this file and let me know if it's malicious or benign. This server is decently popular with a couple thousand active daily users that have this file running on their machines.

https://www.virustotal.com/gui/file/f8459ec3486f8a803a0e4f506ba13eefeee9f82738ccc4101c0dbe8f6a31b0da
https://malshare.com/sample.php?action=detail&hash=f8459ec3486f8a803a0e4f506ba13eefeee9f82738ccc4101c0dbe8f6a31b0da

daruguard.rar

[miekiemoes]

Hi,

This file looks safe. It's the way how it's obfuscated that triggers detection since malware uses same technique. We will adjust detection. It's always good practice, especially if obfuscation is being used, to digitally sign files.