But, are .bat files can be trusted most of them used for bad purposes they look suspicious most of the time.
Thank you so much for taking the time and effort to clarify I am sorry I am not tech savvy to analyze or fully understand what this code can do.
The posted BAT isn’t encrypting anything—it only renames files—so by Kaspersky’s classification it’s a benign/PUA-style script, not true ransomware; they reserve “malware” flags for code that actually encrypts, persists, or destroys. Bitdefender’s block reflects stricter heuristics on mass file ops, but that cuts both ways: BD has also missed live ransomware waves like Magniber variants before generic detection caught up. This is why single-sample anecdotes don’t prove superior protection—focus on layered behavior defenses and tested responses to real crypto‑ransomware
I agree... it probably was developed for a genuine reason, but this file is not safe to let lay around just anywhere, or released into the wild. I have tons of files that I use for development that are perfectly safe in the right hands, but outside of that, they are anything but safe.
.
Well, the renaming can be reversed with another script.I agree... it probably was developed for a genuine reason, but this file is not safe to let lay around just anywhere, or released into the wild. I have tons of files that I use for development that are perfectly safe in the right hands, but outside of that, they are anything but safe.
This is why it is better to use Safe vs Not Safe for the final verdict, instead of Malicious vs Benign.
This file is not malicious, but it is also Not Safe.
Anyone that calls this file Safe needs to do the honorable thing and run it on their favorite folder of their computer
Totally agree.
It's about weaponise the script it's like using legitimate app to do unsafe things (using bitlocker or legitimate process to encrypt files) like filess malware I guess and process hijack etc.
www.cynet.com
For me if this happened to my files I would panic thinking my files encrypted and wouldn't figure it out that's just renaming or changing extension and of course would ask someone to help
But that’s why you are not supposed to go around and download/execute scripts. As part of a real attack, there will be other indicators like persistence, malicious website for distribution, code injection, downloading and dropping of content and so on. In this case, it will become suspicious/malicious. Right now, it’s harmless script.
Most likely someone wanted to test/debug the sandboxes, or some type of behavioural rules they’ve got and uploaded this simple file. Though this intelligence is used in many third-party open and closed source projects and the upload of benign files is strictly prohibited. The account needs to be reported for abusing the abuse.ch rules, assuming that the file was taken from there.
Yes, there are not a lot of benign files on malware repositories, but there are certainly some.
So any time you see any kind of coding in any script ps1 or bat and so forth, you consider them malicious ? It may sound harsh, but you better learn to program, sit in a computer science 101 at a university. You don't need to pass the entrance test, just get the class schedule to find the classroom and go sit down. Most professors allow that. Malware detection Requires one to understand code a little bit.
That’s a very wide subject. Typically, malware aims to be a self contained project, relying on dependancies makes it fragile and adds more ifs and buts to an already huge list of them. Malware will either come in an archive with all dependancies, or it will rely on tools and utilities already provided by the OS. Sandboxes typically provide the dependancies.
