Windows batch files (.bat) are often seen as very simple, but they can be pretty complex or… contain interesting encoded payloads! I found one that contains multiple payloads decoded and used by a PowerShell process. The magic is behind how comments can be added to such files. The default (or very common) way is to use the “REM” keyword. But you can also use a double-colon:
Article Link: https://isc.sans.edu/diary/rss/30592
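A defensive triage sketch for the technique described above, added here as an example and not taken from the original diary: it lists `REM` and `::` comment lines in a batch file whose content looks like an encoded blob, and notes whether the script also starts PowerShell. The Base64 assumption, the thresholds and the sample script are constructed for illustration.

```python
import base64
import math
import re
from collections import Counter

# Batch comment forms: "REM text" and ":: text" (also with a leading "@").
COMMENT_RE = re.compile(r'^\s*@?(rem(?=\s|$)|::)\s?(.*)$', re.IGNORECASE)
# Assumption: the hidden data is Base64-like text (the page only says "encoded").
B64_RE = re.compile(r'^[A-Za-z0-9+/=]+$')
POWERSHELL_RE = re.compile(r'\bpowershell(\.exe)?\b', re.IGNORECASE)

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_batch(text, min_len=40, min_entropy=4.0):
    """Return comment lines that look like encoded data, plus PowerShell usage."""
    encoded, uses_ps = [], False
    for lineno, line in enumerate(text.splitlines(), 1):
        m = COMMENT_RE.match(line)
        if not m:
            # Only executable lines count as a PowerShell invocation.
            uses_ps = uses_ps or bool(POWERSHELL_RE.search(line))
            continue
        style, body = m.group(1).upper(), m.group(2).strip()
        if len(body) >= min_len and B64_RE.match(body) and entropy(body) >= min_entropy:
            encoded.append((lineno, style, len(body)))
    return {"encoded_comments": encoded, "invokes_powershell": uses_ps}

# Constructed sample: the blob is Base64 of bytes 0..59, not real payload data.
_blob = base64.b64encode(bytes(range(60))).decode()
SAMPLE = "\n".join([
    "@echo off",
    "REM Constructed sample for illustration",
    ":: ordinary double-colon comment",
    ":: " + _blob,
    "REM " + _blob,
    'powershell -NoProfile -Command "Write-Output placeholder"',
])

if __name__ == "__main__":
    print(scan_batch(SAMPLE))
```

A hit on both fields is a reason to look at the file by hand, not a verdict: long license keys or embedded certificates in comments will also match.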