To help in the analysis of malware that uses Windows batch scripts, we just released a package on Cerbero Store called “Simple Batch Emulator”. The name of the package is self-explanatory, as it provides a basic emulator for batch scripts. The package is available to all commercial licenses of Cerbero Suite Advanced.
The following is a malicious OneNote document. All embedded files are automatically extracted thanks to the “OneNote Format” package.
![](/wp-content/uploads/2023/02/batchemu/1.png)
Two of the embedded files are batch scripts. We can execute the action to emulate the obfuscated batch code.