Simple Exploit in Windows for launching Bat and Exe files without raising Windows Defender Flags

Post your working scripts, libraries and tools for AHK v1.1 and older
sashaatx
Posts: 333
Joined: 27 May 2021, 08:27

Simple Exploit in Windows for launching Bat and Exe files without raising Windows Defender Flags

Post by sashaatx » 26 Jan 2023, 16:52

From my experience, regardless of language, Windows hates importing executables and hates running or writing bat files in real time.

A simple exploit, as always, can help get around this.

I have a ton of supporting evidence; if needed I can dig through tons of virus scan records. This is also NOT perfect, but it is better than the default option of running or writing files. At first pass, Windows and 3rd-party scanners light up much less.

For both:
use multiple variables when writing the extension. This works for me in both Python and AHK, i.e.:

if I want the exe file "word.exe" to run, I obfuscate like this:

Code:

word := "word"

Period := "."
LetterE := "e"
XX := "x"

; the full name only exists after the fragments are concatenated at run time
DontNameThisVariableExecutable := word . Period . LetterE . XX . LetterE

9 virus flags if I were to write an executable with a single string. 1 total after this method.


For writing bat files specifically, this works: write to a text file first, then FileMove with overwrite to the bat file variable.

Code:

ex := "b" . "at"
temp := A_MyDocuments "\launcher.txt"        ; written first under a harmless extension
BatFile := A_MyDocuments "\launchlog." . ex  ; the final .bat name

batscript=
(
@echo off
SET /A a = 5
SET /A b = 10
)

FileAppend, %batscript%, %temp%
FileMove, %temp%, %BatFile%, 1               ; 1 = overwrite if the target exists

I'm not saying I'm level 5000 knowledgeable on this stuff, but after releasing a few dozen executables, testing flags and bootstrapping the reduction in flagging from VirusTotal, this helped.
https://github.com/samfisherirl
/Easy-Auto-GUI-for-AHK-v2 | /Useful-AHK-v2-Libraries-and-Classes | /Pulovers-Macro-Creator-for-AHKv2
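Seen from the defending side, both tricks in the post leave a static signature: a script extension that only exists after concatenation, and a rename from a harmless extension to a script extension. The scanner below is an added example for this thread, not code from the post or from AutoHotkey. It implements a minimal constant folder for AHK v1 `:=` assignments (string literals, implicit and `.` concatenation; built-ins such as A_MyDocuments are left as placeholders) and then checks the resolved values. The embedded sample script is constructed from the snippets above; the function names, rule names and extension list are assumptions of this example.

```python
"""Static detector for two evasion patterns in AutoHotkey v1 source text:
1. a script/executable extension assembled from string fragments, and
2. a FileMove that renames a harmless extension to a script extension.
A tiny constant folder resolves `:=` assignments so fragments are judged
by the value the interpreter would build, not by the literals on the line."""
import re

# Constructed sample, assembled from the two snippets in the post above.
SAMPLE_SCRIPT = r'''word := "word"
Period := "."
LetterE := "e"
XX := "x"
DontNameThisVariableExecutable := word . Period . LetterE . XX . LetterE
ex := "b" . "at"
temp := A_MyDocuments "\launcher.txt"
BatFile := A_MyDocuments "\launchlog." . ex
FileAppend, %batscript%, %temp%
FileMove, %temp%, %BatFile%, 1
'''

# Extensions a defender would normally want to see written literally.
SUSPICIOUS_EXT = (".exe", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".scr", ".com")

ASSIGN_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s*:=\s*(.+?)\s*$')
# Expression tokens: a quoted literal, an identifier, or the `.` concat operator.
TOKEN_RE = re.compile(r'"([^"]*)"|[A-Za-z_]\w*|\.')
FILEMOVE_RE = re.compile(r'^\s*FileMove\s*,\s*%(\w+)%\s*,\s*%(\w+)%', re.IGNORECASE)


def fold(expr, env):
    """Evaluate an AHK v1 string expression against known assignments.
    Unknown or built-in variables become <name> placeholders, so a path
    rooted at A_MyDocuments still keeps its file name and extension."""
    parts = []
    for m in TOKEN_RE.finditer(expr):
        tok = m.group(0)
        if tok == ".":
            continue                       # explicit concatenation operator
        if tok.startswith('"'):
            parts.append(m.group(1))       # string literal
        else:
            parts.append(env.get(tok, f"<{tok}>"))
    return "".join(parts)


def ext_of(path):
    """Return the suspicious extension a resolved value ends with, or None."""
    low = path.lower()
    for ext in SUSPICIOUS_EXT:
        if low.endswith(ext):
            return ext
    return None


def scan(script):
    """Return (line_no, rule, detail) findings for the script text."""
    env = {}
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        m = ASSIGN_RE.match(line)
        if m:
            name, expr = m.groups()
            value = fold(expr, env)
            env[name] = value
            ext = ext_of(value)
            if ext:
                # Flag only when no literal on the line carries the whole extension.
                literals = [lit.lower() for lit in re.findall(r'"([^"]*)"', expr)]
                if not any(ext in lit for lit in literals):
                    findings.append((lineno, "fragmented-extension",
                                     f"{name} resolves to {value!r}"))
            continue
        m = FILEMOVE_RE.match(line)
        if m:
            src, dst = (env.get(v, f"<{v}>") for v in m.groups())
            if ext_of(dst) and not ext_of(src):
                findings.append((lineno, "rename-to-script", f"{src!r} -> {dst!r}"))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in scan(SAMPLE_SCRIPT):
        print(f"line {lineno}: {rule}: {detail}")
```

Running it on the sample reports the `word.exe` assembly, the `launchlog.bat` assembly and the `.txt` to `.bat` rename, while a plain `path := dir . "\tool.exe"` is left alone because the extension appears literally. The same folding idea extends to other interpreted languages that allow string concatenation in assignments.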

Animan8000
Posts: 56
Joined: 11 May 2022, 05:00

Re: Simple Exploit in Windows for launching Bat and Exe files without raising Windows Defender Flags

Post by Animan8000 » 01 Feb 2023, 03:52

Wouldn't it make more sense to use the /c parameter of CMD and then just use the & operator of CMD for several commands in one, to run batch scripts without bat files, or is that also being flagged?
