Last active October 19, 2021 17:23
Virustotal false positive for an almost empty file with almost NO functionality:
```bat
@echo off
cls
echo The following dummy code produces a false positive on Virustotal and MS Defender also reacts because of this:
rem Remove leftovers from a previous run.
echo y | del t.vb*
echo y | del t.exe
echo ----------------------------------------
echo Decoding B64 sample...
rem Write the base64-encoded VB source to disk and decode it with certutil.
echo TW9kdWxlIE1vZHVsZTENCiAgICBTdWIgTWFpbigpDQogICAgICAgIENvbnNvbGUuV3JpdGVMaW5lKCJUaGlzIHByb2dyYW0gZG9lcyBub3RoaW5nIGJ1dCBwcmludCB0aGlzIGxpbmUgaW4gYSBjb25zb2xlIHdpbmRvdy4iKQ0KICAgIEVuZCBTdWINCkVuZCBNb2R1bGU= > t.vb.b64
certutil -decode t.vb.b64 t.vb
echo ----------------------------------------
echo .
rem Show the decoded source.
type t.vb
echo .
echo ----------------------------------------
rem Compile the source with the .NET Framework VB compiler; this produces t.exe.
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" t.vb > nul
echo Press enter to run code.
pause
t.exe
echo ----------------------------------------
echo Upload to VT and see the results for yourself.
```
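A static review of the script above, as an added example that is not part of the original gist: it decodes the base64 blob without running certutil and reports which decode, compile and execute steps the script contains. The indicator names and regexes are assumptions of this example, not any AV vendor's rules.

```python
import base64
import binascii
import re

# The four relevant lines, copied from the batch file above.
SCRIPT = r'''echo TW9kdWxlIE1vZHVsZTENCiAgICBTdWIgTWFpbigpDQogICAgICAgIENvbnNvbGUuV3JpdGVMaW5lKCJUaGlzIHByb2dyYW0gZG9lcyBub3RoaW5nIGJ1dCBwcmludCB0aGlzIGxpbmUgaW4gYSBjb25zb2xlIHdpbmRvdy4iKQ0KICAgIEVuZCBTdWINCkVuZCBNb2R1bGU= > t.vb.b64
certutil -decode t.vb.b64 t.vb
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" t.vb > nul
t.exe
'''

# Assumed reviewer patterns (hypothetical names, not a vendor rule set).
INDICATORS = {
    "certutil-decode": re.compile(r"\bcertutil(\.exe)?\s+-decode\b", re.I),
    "on-host-compile": re.compile(r"\b(vbc|csc)\.exe\b", re.I),
    "runs-local-exe": re.compile(r"^\s*[\w.-]+\.exe\s*$", re.I | re.M),
}

# "echo <base64> > file": a long base64 run redirected to a file.
ECHO_B64 = re.compile(
    r"^\s*echo\s+([A-Za-z0-9+/]{40,}={0,2})\s*>\s*(\S+)", re.I | re.M
)


def embedded_payloads(script):
    """Map target filename -> decoded text for each base64 blob echoed to disk."""
    found = {}
    for blob, target in ECHO_B64.findall(script):
        try:
            raw = base64.b64decode(blob, validate=True)
        except binascii.Error:
            continue  # looked like base64 but is not valid; skip it
        found[target] = raw.decode("utf-8", errors="replace")
    return found


def indicators(script):
    """Return the sorted names of the patterns that occur in the script."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(script))


if __name__ == "__main__":
    print("indicators:", indicators(SCRIPT))
    for name, text in embedded_payloads(SCRIPT).items():
        print(f"--- decoded content of {name} ---")
        print(text)
```
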