1

I have a simple launcher for my program:

@echo off
del /s /f /q "Log.txt"
for /f "delims=" %%x in (lic.dll) do set "lic=%%x"
if %lic%==1 goto full
if %lic%==0 goto normal
goto fail
:full
start m1.hta
rem Hideself
goto fail
:normal
start m2.hta
rem Hideself
goto fail
:fail
goto :eof

When i virus scan it i get this: https://www.virustotal.com/en/file/4091db406700b751ab4b01df901a4992226235abc16b87adb047911e0e256b08/analysis/1398529283/

Saying that the file is clean. My problem arises when i compile it in to a exe.

If i use advanced bat to exe converter To convert it i get this:https://www.virustotal.com/en/file/ab3bac03bcdd6aa1305764a1f64e77e651522246c2d7abbd1da427d76604ec2e/analysis/

This is the same batch file just compiled and it coming up as a virus is a real problem. So i decided to search for a different bat to exe program. I got similar results.

My question is: Can any one ether help me find a solution or a alternative piece of software i can use. It must be able to compile the above code in to a exe with a virus detection of less than 4. Also it must be secure (cant be revers engendered easily or unzipped). This is a problem that has been on going and may stop the release of the program so whoever manages to help i will also award 50 rep as an extra bounty.

09stephenb
  • 8,514
  • 14
  • 50
  • 88

3 Answers3

2

Using autoit Fileinstall function i get a 5/51

https://www.virustotal.com/pt/file/b3241a6458469908db157a211fcff66c240f4872bd0feaaea15dce5dff98632f/analysis/1398538044/

Here is the code i tried :

FileInstall("C:\PROGRAMMATION\test.bat",@ScriptDir&"\test.bat")
RunWait(@ComSpec & " /c " & "test.bat")
FileDelete(@scriptdir&"\test.bat")

This code was compilated as stephen.exe.

SachaDee
  • 9,017
  • 3
  • 20
  • 31
  • Looks good but i have one problem. I have changed `C:\PROGRAMMATION\test.bat` to `C:\Users\09stephenb\Desktop\LanuchGUI.bat` but when i compile it i get `Error: Binary integrity can't be verified.`. Do you know how to solve this. Thanks. – 09stephenb Apr 26 '14 at 19:27
  • Download the last version of Autoit or try to deactivate your Avast just the time of compiling your script. – SachaDee Apr 26 '14 at 19:37
  • I have just downloaded the newest version of auto it from the website and it isn't avast because i am using my VM and this docent have avast. Also what version of autoit are you using. I have just notated that it works when run but it just wont let me compile it. – 09stephenb Apr 26 '14 at 19:43
  • Very strange. try just to compile a script like : msgbox("","","Hello") – SachaDee Apr 26 '14 at 19:47
  • Are you using SCITE to edit the code and compiling ? – SachaDee Apr 26 '14 at 19:58
  • Fixed boosted into windows 8 and it works and strangely when i booted back into windows 7 it worked. One final question how do i get a auto it script to hid its self (run in background) – 09stephenb Apr 26 '14 at 20:07
  • You mean the batch ? RunWait(@ComSpec & " /c " & "test.bat",-1, @SW_HIDE ) – SachaDee Apr 26 '14 at 20:13
1

Any bat-to-exe compiler can be bypassed and the code viewed, as they all extract the code to a temporary file and this can be tracked down.

You could install the trial version of PureBasic/another BASIC dialect and write the code in basic and then compile it for real.

foxidrive
  • 39,095
  • 8
  • 48
  • 68
  • Ar this is just the launcher. I have a 3000 line batch file for the program and rewriting is going to take a long time. – 09stephenb Apr 26 '14 at 17:10
1

VBScript to exe is easy and requires no software other than what you've already got. http://social.msdn.microsoft.com/Forums/en-US/adcae113-4758-481a-a367-60d5d14d97d6/this-is-how-to-turn-vbs-and-js-files-into-exe-files-from-the-command-line-without-third-party-tools?forum=scripting

Unlike VBScript, batch files are run by an exe. The above techniques won't work.

Putting command prompt commands into brackets gives you almost batch functionally. EG

echo off
echo Hello

becomes

(echo off
echo hello)

You could paste/send keys (both vbscript)/send message (vb.net) this to a hidden command prompt. This is how to start a hidden command prompt in vbscript.

CreateObject("Wscript.Shell").Run "cmd /k", 0, False

Whether you use a temporary file or send the commands some other way you can use iexpress to make your exe. Type in Start - Run

iexpress

EG for your launcher bat you could (note 1 means normal and 0 hidden)

Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.OpenTextFile("lic.dll", 8, true)
If ts.readline = 0 then
    CreateObject("Wscript.Shell").Run "cmd /k hta1.hta", 1, False
Else
    CreateObject("Wscript.Shell").Run "cmd /k hta2.hta", 1, False
End if
tony bd
  • 126
  • 2
  • Also you could use vb.net (vbscript 99% works in vb.net - you just need to add a top and bottom line and add some brackets) which is already installed, and use API calls to feed the commands into cmd's buffer. See http://stackoverflow.com/questions/1859323/net-inject-data-into-input-buffer-of-process – tony bd Apr 26 '14 at 19:05
  • Also writing the file with this attribute FILE_ATTRIBUTE_TEMPORARY A file is being used for temporary storage. File systems avoid writing data back to mass storage if sufficient cache memory is available, because an application deletes a temporary file after a handle is closed. In that case, the system can entirely avoid writing the data. Otherwise, the data is written after the handle is closed. – tony bd Apr 26 '14 at 19:18
  • Whether you use a temporary file or send the commands some other way you can use iexpress to make your exe. Type in Start - Run iexpress – tony bd Apr 26 '14 at 19:50