When analyzing viruses, you will always encounter various types of samples. Bat script viruses are also very common. Bat is a scripting language. It will be clear to view the source code with a text viewer. Many people do not want others to see their source code. , There are also some encryption methods
What I want to share this time is the decryption method using the encryption method generated by the character set encoding
I got a bat script and opened it with notepad++ and found that it was garbled
挦獬敀档景൦䌊尺楗摮睯屳祓瑳浥㈳坜湩潤獷潐敷卲敨汬癜⸱尰潰敷獲敨汬攮數ⴠ硅捥瑵潩偮汯捩⁹祢慰獳ⴠ潮牰景汩眭湩潤獷祴敬栠摩敤丨睥伭橢捥⁴祓瑳浥丮瑥圮扥汃敩瑮⸩潄湷潬摡楆敬✨瑨灴⼺猯祫慭瑳㌲ⴱ〰ⴱ楳整⸱瑨浥異汲挮浯㐯獪Ⱗ┧单剅剐䙏䱉╅䅜灰慄慴㑜獪⤧※浣振✠唥䕓偒佒䥆䕌尥灁䑰瑡屡昴樮❳硅瑩
Many people may be confused at once. Why the bat script that can run normally is garbled? I don’t know how to analyze it. In fact, it is very simple to decrypt it.
1. We changed the script suffix to doc
2. Use word to open
3. Choose MS-DOS text encoding
Click OK, the source code is clear at a glance