How to decrypt this batch file?

Time:09-15

Does anyone have any ideas to decrypt this? This is a part of the code.

@cls&@set "ÃXº=hcdiypSAm3lsUu@BKGPzT82rOWaYkN75oDfCXj4egMvFqE1bwVR6It HJLQx09nZ"
%ÃXº:~14,1%%ÃXº:~11,1%%ÃXº:~39,1%%ÃXº:~53,1%%ÃXº:~54,1%%»nÃÃlMX%"%ÃXº:~57,1%Ã%ÃXº:~11,1%«=%ÃXº:~55,1%%ÃXº:~12,1%%ÃXº:~50,1%%ÃXº:~4,1%%ÃXº:~10,1%%ÃXº:~35,1%%ÃXº:~42,1%%ÃXº:~24,1%%ÃXº:~48,1%%ÃXº:~60,1%%ÃXº:~13,1%%Ã¥‰«T©f%%ÃXº:~23,1%%ÃXº:~45,1%%ÃXº:~36,1%%ÃXº:~28,1%%ÃÃFâÃÃ%%ÃXº:~32,1%%ÃXº:~54,1%%ÃXº:~30,1%%ÃXº:~9,1%%­N¤ÃÃAh%%ÃXº:~14,1%%ÃXº:~34,1%%ÃXº:~51,1%%ÃXº:~37,1%%ÃXº:~27,1%%ÃXº:~43,1%%ÃXº:~57,1%%ÃXº:~61,1%%ÃXº:~25,1%%ÃXº:~5,1%%ÃXº:~56,1%%ÃXº:~18,1%%ÃXº:~58,1%%ÃXº:~59,1%%ÃXº:~3,1%%ÃXº:~31,1%%ÃXº:~1,1%%ÃXº:~38,1%%ÃXº:~39,1%%ÃXº:~41,1%%ÃXº:~15,1%%ÃXº:~49,1%%ÃXº:~26,1%%ÃÃÃm­vE%%ÃXº:~16,1%%ÃXº:~22,1%%ÃXº:~33,1%%ÃXº:~62,1%%ÃXº:~6,1%%ÃXº:~47,1%%ÃXº:~53,1%%ÃXº:~46,1%%ÃXº:~40,1%%ÃXº:~20,1%%ÃXº:~11,1%%ÃXº:~29,1%%ÃXº:~8,1%%ÃXº:~0,1%%ÃXº:~17,1%%ÃXº:~19,1%%ÃXº:~2,1%%ÃXº:~44,1%%ÃXº:~7,1%%ÃXº:~52,1%%ÃXº:~21,1%%ÃXº:~63,1%"
%LÃs«:~19,1%%LÃs«:~52,1%%LÃs«:~37,1%%LÃs«:~48,1%%LÃs«:~16,1%"‘±

Here is the complete code.

CodePudding user response:

As SomethingDark noted, it's using dictionaries and substitution. The first dictionary is in the clear:

@set "ÃXº=hcdiypSAm3lsUu@BKGPzT82rOWaYkN75oDfCXj4egMvFqE1bwVR6It HJLQx09nZ"

Using this we can decrypt the next line to:

@set "LÃs«=HURylCvOw0urEXko 73@f6jYFL9WpJPQxi5c4eMBVaK2DnSbt1gTsNmhGzdqAI8Z"

It goes on like this for 18 more lines, before the actual payload starts.

For kicks, I've written a small perl decoder script:

use strict;
#### start with dictionary on first line
my $dicts = { 'ÃXº' => 'hcdiypSAm3lsUu@BKGPzT82rOWaYkN75oDfCXj4egMvFqE1bwVR6It HJLQx09nZ' };
open my $ifh, '<', 'input.txt' or die $!;
for my $line ( <$ifh> ) {
    #### resolve variables from known dictionaries
    #### (\Q...\E keeps the variable name from being read as regex syntax)
    for my $var ( keys %$dicts ) {
        my $dict = $dicts->{ $var };
        while ( $line=~s/%\Q$var\E:~(\d+),1%/substr($dict, $1, 1)/e ) { }
    }
    #### all remaining variables are undefined and can be removed
    $line=~s/%[^%]+%//g;
    #### if the line now says '@set ...' it's another dictionary, store it
    if ( $line=~/\@set "([^=]+)=([^"]+)"/ ) {
        $dicts->{ $1 } = $2;
    } else {
        print $line;
    }
}

And here's the output - seems to have something to do with Minecraft.

@echo off

netsh winsock reset catalog >nul 2>&1
netsh int tcp set heuristics disabled >nul 2>&1
netsh int tcp set global initialRto=2000 >nul 2>&1
netsh int tcp set global autotuninglevel=normal >nul 2>&1
netsh int tcp set global rsc=disabled >nul 2>&1
netsh int tcp set global chimney=disabled >nul 2>&1
netsh int tcp set global dca=enabled >nul 2>&1
netsh int tcp set global netdma=enabled >nul 2>&1
netsh int tcp set global ecncapability=enabled >nul 2>&1
netsh int tcp set global timestamps=disabled >nul 2>&1
netsh int tcp set global nonsackrttresiliency=disabled >nul 2>&1
netsh int tcp set global rss=enabled >nul 2>&1
netsh int tcp set global MaxSynRetransmissions=2 >nul 2>&1
netsh int tcp set global congestionprovider=ctcp
netsh int tcp set global timestamps=disabled
netsh int ip set global taskoffload=disabled
netsh interface isatap set state disabled   

powercfg -restoredefaultschemes
powershell Invoke-WebRequest "https://cdn.discordapp.com/attachments/855618953804382250/984863726526140426/4909-582e-4ae8-3a6a.pow" -OutFile "C:\Windows\Temp\4909-582e-4ae8-3a6a.pow"
cls
powercfg /d 44444444-4444-4444-4444-444444444449 >nul 2>&1 
powercfg -import "C:\Windows\Temp\4909-582e-4ae8-3a6a.pow" 44444444-4444-4444-4444-444444444449 >nul 2>&1 
powercfg -SETACTIVE "44444444-4444-4444-4444-444444444449" >nul 2>&1 
powercfg /changename 44444444-4444-4444-4444-444444444449 "Kotcka Tweaker (Maximo Desempenho)" "Plano de energia para aumentar o FPS, melhorar o ping e reduzir o inputlag." >nul 2>&1 

cd \.Salwyrr\
(echo ofFogType:3) >> optionsof.txt
(echo ofFogStart:0.6) >> optionsof.txt
(echo ofMipmapType:3) >> optionsof.txt
(echo ofOcclusionFancy:false) >> optionsof.txt) >> optionsof.txt
(echo ofSmoothFps:false) >> optionsof.txt) >> optionsof.txt
(echo ofSmoothWorld:false) >> optionsof.txt) >> optionsof.txt
(echo ofAoLevel:0.0) >> optionsof.txt
(echo ofClouds:3) >> optionsof.txt
(echo ofCloudsHeight:0.0) >> optionsof.txt
(echo ofTrees:1) >> optionsof.txt
(echo ofDroppedItems:1) >> optionsof.txt
(echo ofRain:3) >> optionsof.txt
(echo ofAnimatedWater:0) >> optionsof.txt
(echo ofAnimatedLava:0) >> optionsof.txt
(echo ofAnimatedFire:true) >> optionsof.txt
(echo ofAnimatedPortal:true) >> optionsof.txt
(echo ofAnimatedRedstone:true) >> optionsof.txt
(echo ofAnimatedExplosion:true) >> optionsof.txt
(echo ofAnimatedFlame:true) >> optionsof.txt
(echo ofAnimatedSmoke:true) >> optionsof.txt
(echo ofVoidParticles:true) >> optionsof.txt
(echo ofWaterParticles:true) >> optionsof.txt
(echo ofPortalParticles:true) >> optionsof.txt
(echo ofPotionParticles:true) >> optionsof.txt
(echo ofFireworkParticles:true) >> optionsof.txt
(echo ofDrippingWaterLava:true) >> optionsof.txt
(echo ofAnimatedTerrain:true) >> optionsof.txt
(echo ofAnimatedTextures:true) >> optionsof.txt
(echo ofRainSplash:true) >> optionsof.txt
(echo ofLagometer:false) >> optionsof.txt) >> optionsof.txt
(echo ofShowFps:false) >> optionsof.txt) >> optionsof.txt
(echo ofAutoSaveTicks:4000) >> optionsof.txt
(echo ofBetterGrass:3) >> optionsof.txt
(echo ofConnectedTextures:1) >> optionsof.txt
(echo ofWeather:true) >> optionsof.txt
(echo ofSky:false) >> optionsof.txt) >> optionsof.txt
(echo ofStars:true) >> optionsof.txt
(echo ofSunMoon:false) >> optionsof.txt
(echo ofVignette:1) >> optionsof.txt
(echo ofChunkUpdates:1) >> optionsof.txt
(echo ofChunkUpdatesDynamic:false) >> optionsof.txt
(echo ofTime:1) >> optionsof.txt
(echo ofClearWater:false) >> optionsof.txt
(echo ofAaLevel:0) >> optionsof.txt
(echo ofAfLevel:1) >> optionsof.txt
(echo ofPr(echo ofiler:false) >> optionsof.txt
(echo ofBetterSnow:false) >> optionsof.txt
(echo ofSwampColors:false) >> optionsof.txt
(echo ofRandomEntities:false) >> optionsof.txt
(echo ofSmoothBiomes:false) >> optionsof.txt
(echo ofCustomFonts:false) >> optionsof.txt
(echo ofCustomColors:false) >> optionsof.txt
(echo ofCustomItems:false) >> optionsof.txt
(echo ofCustomSky:false) >> optionsof.txt
(echo ofShowCapes:true) >> optionsof.txt
(echo ofNaturalTextures:false) >> optionsof.txt
(echo ofEmissiveTextures:false) >> optionsof.txt
(echo ofLazyChunkLoading:false) >> optionsof.txt
(echo ofRenderRegions:true) >> optionsof.txt
(echo ofSmartAnimations:false) >> optionsof.txt
(echo ofDynamicFov:true) >> optionsof.txt
(echo ofAlternateBlocks:true) >> optionsof.txt
(echo ofDynamicLights:3) >> optionsof.txt
(echo ofScreenshotSize:1) >> optionsof.txt
(echo ofCustomEntityModels:false) >> optionsof.txt
(echo ofCustomGuis:false) >> optionsof.txt
(echo ofShowGlErrors:true) >> optionsof.txt
(echo ofFullscreenMode:Default) >> optionsof.txt
(echo ofFastMath:true) >> optionsof.txt
(echo ofFastRender:false) >> optionsof.txt
(echo ofTranslucentBlocks:1) >> optionsof.txt
(echo key_of.key.zoom:29) >> optionsof.txt
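
Added example (not part of the original answer): a Python version of the same static decoding that learns every dictionary from the file instead of hard-coding the first one, and expands each line in a single pass so decoded text is never re-read as a variable. The two dictionary strings are the ones quoted above; the variable names K1/K2, the %junk% padding and the two payload lines are constructed for the example.

```python
import re

# One token is either %name:~start,len% (substring expansion) or a plain %name%.
TOKEN = re.compile(r'%([^%:\r\n]+)(?::~(\d+),(\d+))?%')
# A dictionary definition as it appears once its own line has been decoded.
SET = re.compile(r'@set "([^="]+)=([^"]*)"', re.IGNORECASE)

def deobfuscate(text):
    """Statically decode the script; returns (payload_lines, dictionaries)."""
    dicts, payload = {}, []
    def expand(m):
        name, start, length = m.groups()
        if start is None:
            # Plain %name%: the sample pads lines with undefined variables.
            # Assumption: a real environment variable is dropped here too.
            return dicts.get(name, '')
        if name not in dicts:
            return m.group(0)  # leave unresolved references visible
        return dicts[name][int(start):int(start) + int(length)]
    for line in text.splitlines():
        # Single pass: decoded characters are never re-scanned as tokens.
        line = TOKEN.sub(expand, line)
        found = SET.findall(line)
        if found:
            dicts.update(found)  # learned from the file, nothing hard-coded
        else:
            payload.append(line)
    return payload, dicts

def encode(name, alphabet, text):
    """Build constructed test input: one substring token per known character."""
    return ''.join(f'%{name}:~{alphabet.index(c)},1%' if c in alphabet else c
                   for c in text)

# Dictionaries as quoted on the page; everything else below is constructed.
D1 = 'hcdiypSAm3lsUu@BKGPzT82rOWaYkN75oDfCXj4egMvFqE1bwVR6It HJLQx09nZ'
D2 = 'HURylCvOw0urEXko 73@f6jYFL9WpJPQxi5c4eMBVaK2DnSbt1gTsNmhGzdqAI8Z'
SAMPLE = '\n'.join([
    f'@cls&@set "K1={D1}"',
    encode('K1', D1, '@set ') + '%junk%"K2=' + encode('K1', D1, D2) + '"',
    encode('K2', D2, '@echo off'),
    encode('K2', D2, 'powercfg -restoredefaultschemes'),
])

if __name__ == '__main__':
    lines, dictionaries = deobfuscate(SAMPLE)
    print('\n'.join(lines))
```

The script is only read as text and never executed, so it can be run on an untrusted sample; references to a dictionary that was never defined stay in the output as a sign that decoding is incomplete.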