Decoding BAT script - character set encoding

Unique way used by attacker to encode the bat script , commonly see in virus samples.

When you opened file in notepad++ , you can see data like

Encoded BAT script

At first glance data looks like some clean chinese scripting data.

To decode such scripts you just have to change the encoding method of the file.

1. Change the file extension to .doc
2. Open the file into MS Word
3. Choose the Text encoding as ‘MS-DOS’

Changing encoding method to MS-DOS

Yaay!! You can able to see the script in readable format!