EbolaMan-YT/UAC-Bypass

newbypass.bat need to be clarified

Closed this issue · 4 comments

Hello, on taking a closer look at the file newbypass.bat, I noticed that it was in Chinese...
I tried to figure out what this meant and asked ChatGPT and BlackBox.ai for their help in understanding what exactly this file does. Neither of them could give me an answer...
So I'm asking the creator to explain how the file works, what it does and why it's in Chinese, so that I can check that it doesn't contain any malicious commands or viruses.
Thanks in advance!

Complete guess, so I may be wrong, but I don't think that he made it. I think he just found these around the internet and put them into a file so it's easier for you to find and use.

Sorry for being 3 weeks late as well.

The Chinese text is due to the encoding; if we run it through strings we get a batch script.
However, it is obfuscated.

cls
set "D=JXnoHdISwA GUaKmqegRlf7E1kML3@DzhZ2p9xc5vWsiNVyBFbuQ06OYTr84tCjP"
:~29,1%%D
:~42,1%%D
:~17,1%%D
:~60,1%%D
:~10,1%"%D
:~4,1%%D
:~41,1%%D
:~6,1%=%D
etc......

so pretty much what this does is it sets the variable D to the long string of text

:~29,1%%D
this pretty much takes the 29th letter from the 1st letter in the D variable so it would be "@"
and that does another set command

it keeps going like this
until it eventually runs this command

cmd /min /c "set __cOmPaT_LaYER=runasinvoker && start "" "command"

he had likely done this to help mitigate AV interference
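Added example (not part of the thread and not code from the repository): a static decoder in Python that resolves the `%D:~offset,1%` substring tokens as text, so the hidden commands can be read without running the batch file. The rejoined line layout, the continuation after `HWI=` and the final `echo` line are constructed for illustration; cmd.exe offsets are zero-based, so offset 29 in the string above selects `@`.

```python
import re

# cmd.exe substring expansion: %NAME:~offset,length%. Offset is zero-based,
# a negative offset counts from the end, and length is optional.
TOKEN = re.compile(r"%(\w+):~(-?\d+)(?:,(-?\d+))?%")
SET = re.compile(r'^@?set\s+"?(\w+)=(.*?)"?\s*$', re.IGNORECASE)

def substring(value, offset, length=None):
    start = offset if offset >= 0 else max(len(value) + offset, 0)
    if length is None:
        return value[start:]
    end = start + length if length >= 0 else len(value) + length
    return value[start:max(end, start)]

def expand(line, variables):
    def repl(m):
        name = m.group(1).upper()          # cmd variable names ignore case
        if name not in variables:
            return m.group(0)              # unknown variable: leave the token
        length = None if m.group(3) is None else int(m.group(3))
        return substring(variables[name], int(m.group(2)), length)
    return TOKEN.sub(repl, line)

def deobfuscate(script):
    """Expand each line as text only; nothing is ever executed."""
    variables, decoded = {}, []
    for raw in script.splitlines():
        line = expand(raw, variables)
        m = SET.match(line)
        if m:                              # track variables set by decoded lines
            variables[m.group(1).upper()] = m.group(2)
        decoded.append(line)
    return decoded, variables

ALPHABET = 'set "D=JXnoHdISwA GUaKmqegRlf7E1kML3@DzhZ2p9xc5vWsiNVyBFbuQ06OYTr84tCjP"'
# The fragments quoted in the thread, rejoined onto one line (assumed layout).
PAGE_PART = '%D:~29,1%%D:~42,1%%D:~17,1%%D:~60,1%%D:~10,1%"%D:~4,1%%D:~41,1%%D:~6,1%='
# Constructed continuation; the real value is elided in the thread ("etc").
SAMPLE = "\n".join([ALPHABET,
                    PAGE_PART + '%D:~32,1%%D:~43,1%"',
                    "echo %HWI:~1,1%%HWI:~0,1%"])

if __name__ == "__main__":
    for line in deobfuscate(SAMPLE)[0]:
        print(line)
```

Because each decoded `set` line is fed back into the variable table, later layers that index into newly defined variables are resolved in the same pass.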

Interested in obfuscation?
Try my batch file obfuscator...
https://github.com/l-urk/CHINESE.BAT-OBFUSCATOR