A simple exploit, as always, can help get around this.
I have a ton of supporting evidence; if needed, I can dig through tons of virus scan records. This is also NOT perfect; this is better than the default running or writing files option. At first pass, Windows and 3rd party light up much less.
For both:
Use multiple variables when writing the extension. This works for me in both Python and AHK, i.e.:
If I want the exe file "word.exe" to run, I obfuscate like this:
Code:
word := "word"
Period := "."
LetterE := "e"
XX := "x"
DontNameThisVariableExecutable := word . Period . LetterE . XX . LetterE
9 virus flags if I were to write an executable with a single string. 1 total after this method.
For writing bat files specifically, this works: write to text first, then FileMove overwrite with the bat file variable.
Code:
ex := "b" . "at"
temp := A_MyDocuments "\launcher.txt"
BatFile := A_MyDocuments "\launchlog." . ex
batscript=
(
@echo off
SET /A a = 5
SET /A b = 10
)
FileAppend, %batscript%, %temp%
FileMove, %temp%, %BatFile%, 1
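
Added example, not part of the original post: seen from the defender's side, the write-to-.txt-then-FileMove pattern above shows up in file telemetry as a rename from a benign extension to a script or executable one by the process that just wrote the file. The sketch below correlates such events; the event schema, the sample records and the 60-second window are constructed assumptions, not output from any real product.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Extensions Windows will execute or interpret when the file is opened.
RISKY_EXT = {".exe", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".scr", ".dll"}
WINDOW = timedelta(seconds=60)  # assumed correlation window between write and rename

# Constructed sample events, hypothetical schema: (time, pid, action, path, new_path).
DOCS = "C:\\Users\\u\\Documents\\"
EVENTS = [
    ("2024-01-01T10:00:00", 4120, "write", DOCS + "launcher.txt", None),
    ("2024-01-01T10:00:01", 4120, "rename", DOCS + "launcher.txt", DOCS + "launchlog.bat"),
    ("2024-01-01T10:05:00", 5000, "write", DOCS + "notes.txt", None),
    ("2024-01-01T10:05:02", 5000, "rename", DOCS + "notes.txt", DOCS + "notes_old.txt"),
    ("2024-01-01T10:09:00", 6000, "write", DOCS + "report.txt", None),
    ("2024-01-01T10:30:00", 6000, "rename", DOCS + "report.txt", DOCS + "report.cmd"),
]


def ext(path):
    """Lower-cased final extension, using Windows path rules."""
    return PureWindowsPath(path).suffix.lower()


def find_staged_renames(events, window=WINDOW):
    """Return (pid, old_path, new_path) for files written under a benign
    extension and renamed to a risky one by the same process within `window`."""
    last_write = {}  # (pid, lower-cased path) -> time of most recent write
    hits = []
    for ts, pid, action, path, new_path in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        key = (pid, path.lower())
        if action == "write":
            last_write[key] = when
        elif action == "rename":
            written = last_write.pop(key, None)
            if (written is not None
                    and when - written <= window
                    and ext(path) not in RISKY_EXT
                    and ext(new_path) in RISKY_EXT):
                hits.append((pid, path, new_path))
    return hits


if __name__ == "__main__":
    for pid, old, new in find_staged_renames(EVENTS):
        print(f"pid {pid}: {old} -> {new}")
```

The rule keys on the rename event rather than on strings in the script, so splitting the extension across variables does not change what it sees.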