Comments
-
GCHQ 277 6y: @segfault0xff ok I now have some assembly by the looks of it, I'm gonna try figure out what it does, thanks!
-
GCHQ 277 6y: @theKarlisK so I set up a Windows VM and ran the file. It won't run because of the "&"s; removing them and re-running it, I got an issue with "/c" at the beginning, and now it's not liking the "fOr". Maybe it's not intended to be run on Windows 10.
-
@GCHQ make sure your VM can't access the internet.. some malware can break out of them
-
Condor 32332 6y: Not logged into Facebook or Discord on my phone, but when I get back home I'll relay this to the security chaps there, probably someone there knows how to do it. Never had to deal with batch scripts myself so far and I've no idea how the language works so.. ¯\_(ツ)_/¯
-
Condor 32332 6y: I'd probably look at the obfuscators out there though, to see how they obfuscated it in the first place. First one that comes to mind would be msfvenom, chances are that they used that to obfuscate it.
Does anyone know of any tools for deobfuscating a batch script?
I got one of those scam emails with a .doc file attached and wanted to pull it apart. Embedded in that file is a VBA script that runs as soon as the document is opened. I have figured out how the script works; I just have no idea when it comes to the batch script that it's running. Any help would be appreciated.
Here's a pastebin link with the script: https://pastebin.com/SDWnQc48
question
malware
batch
.doc