Can Someone Help Me Understand This Suspicious Batch Script I Found?

Asked By CuriousCat88 On

I found a suspicious batch script named Moviex.bat injected on one of my isolated machines, which doesn't have any important data on it. I'm just curious about what it does. I haven't run it and I don't take any responsibility for anyone else who might try running it. Below is the complete script for reference.

5 Answers

Answered By DecodingNinja On

You could throw the random text into a base64 decoder tool for easier decoding. Just a warning though; you’ll want to assume that machine is compromised and should be wiped afterwards.

Answered By MalwareHunterZ On

Just to add on, it appears this script downloads a fake JPEG from a server that actually contains malicious code. It could end up injecting this code into heavy CPU processes running on your machine. Proceed with caution!

Answered By TechGuru42 On

This looks like a malware loader. I wouldn't run it outside of a quarantined environment, just to be safe.

Answered By Polaris96 On

If you ever give it to a paid version of ChatGPT, it might help decode this for you. But again, tread carefully.

Answered By ScriptDecoder99 On

The script sets a bunch of environment variables, many of which are parts of a base64 encoded string. A quick tip: take everything after the equals sign in each 'SET' command related to $encodedData, replace 'd@' with 'r', and decode it. You should be able to reveal the original script that way, but it's likely to still be malicious.
