gmj0xdq

那啥哈，源码给破译出来了（汉字还没转换呢，实在不行自己把关键字写到文件里让bat检测一下就知道原文是什么了）
关键句子如下
��cls
@echo off
Color 3F
goto Check_Updates


:Main
Setlocal enabledelayedexpansion
Mode con cols=46 lines=12
Title ΣЕֈܶؖ϶٤ߟ
cls
echo;
echo   ˉ®ˉ®ˉ®ˉ®ˉ®ˉ®ˉ®ˉ®ˉ®ˉ®ˉ
echo   ®                                      ®
echo   ˉ       ƺԦmΣЕֈܶؖ϶׺٤ߟ       ˉ
echo   ®                                      ®
echo   ˉ                             V 1.3    ˉ
echo   ®                                      ®
echo   ˉ                        bluewing009   ˉ
echo   ®                       QQ ú961881006 ®
echo   ˉ®ˉ®ˉ®ˉ®ˉ®ˉ®ˉ®ˉ®ˉ®ˉ®ˉ
ping /n 3 127.1>nul



:Target_Get
cls
echo;
echo  ȫѡձҪؖ϶քƺԦm(Q=΋Զ):
echo;
echo   Ώ֯ܲˤɫ߹ࠉ
echo;
set /p Target_File=
set "Target_File=%Target_File:"=%"
if /i "%Target_File%"=="q" exit
if /i "%Target_File:~-4%"==".bat" if exist "%Target_File%" goto Prepare
if /i "%Target_File:~-4%"==".cmd" if exist "%Target_File%" goto Prepare
echo ĿҪτݾһˇƺԦmτݾè*.bat  *.cmdé
ping /n 3 127.1>nul
goto Target_Get



repare
for /f "delims=" %%i in ("%Target_File%") do (
    set Target_File_Name=%%~ni
    set Target_File_Path=%%~dpi
)
call :Bat_Decrypt "%Target_File%"


（写不下，分批发）

gmj0xdq

那啥哈，源码给破译出来了（汉字还没转换呢，实在不行自己把关键字写到文件里让bat检测一下就知道原文是什么 ...
gmj0xdq 发表于 2022-8-26 22:35

:Analyze
cls
set /a NO.=Risk_level_=Key_NO.=0
echo ƺԦmࠉӉԌ׈ؖ϶Ѩ٦>%temp%\Ъϸؖ϶_1.txt
echo By bluewing009   QQ 961881006 >>%temp%\Ъϸؖ϶_1.txt
echo;>>%temp%\Ъϸؖ϶_1.txt
echo ؖ϶τݾú%Target_File% >>%temp%\Ъϸؖ϶_1.txt
findstr /i /b /v "echo set pause : rem" "%temp%\decrypt.txt">%temp%\key_code.txt
findstr /i /b "echo" "%Target_File%" |find  ">" >%temp%\key_code_output.txt
findstr /i /b "for if" "%temp%\key_code.txt">%temp%\key_code_special.txt
for /f "usebackq tokens=1* delims=:" %%i in (`findstr /n .* "%temp%\key_code.txt"`) do set /a Key_NO.=%%i
for %%m in (
    "5 : format : ٱʽۯՅƌ"
    "5 : debug : Śզўل"
    "5 : ftp : ԫˤδ֪τݾ"
    "4 : assoc : ўلτݾژj"
    "4 : start : ַԃδ֪τݾ"
    "4 : cscript : ַԃδ֪ޅѾ"
    "4 : mshta : ַԃδ֪ޅѾ"
    "4 : reg : әطעӡҭݼֵ"
    "4 : cacls : ўلτݾ؃ϊ࠘׆"
    "4 : icacls : ўلτݾ؃ϊ࠘׆"
    "4 : Bootcfg : ўلϵͳݓ՘ЮĿ"
    "4 : ntsd : ޸Ԍַ˔"
    "4 : regsvr32 : עӡdllτݾ"
    "4 : route : ·ԉәط"
    "4 : sc : ؾϱәط"
    "4 : arp : ўلַ֘ޢ϶ЭөèARPé"
    "3 : del : ɾԽτݾ"
    "3 : erase : ɾԽτݾ"
    "3 : rd : ɾԽĿ¼"
    "3 : rmdir : ɾԽĿ¼"
    "3 : cprofile : ȥԽƤ׃τݾ"
    "3 : ftype : ўلτݾژj)չ"
    "3 : replace : ͦۻτݾ"
    "2 : attrib : ўلτݾ˴є"
    "2 : convert : ўل߭`э"
    "2 : device : ݓ՘ʨѸȽ֯"
    "2 : schtasks : ўل݆ۮɎϱ"
    "2 : shutdown : ژҕ݆̣ܺ"
    "2 : subst : ѩŢȽ֯Ƿ"
    "2 : taskkill : ޡ˸Ɏϱܲ޸Ԍ"
    "2 : tskill : ޡ˸Ɏϱܲ޸Ԍ"
    "1 : copy : ش׆τݾ"
    "1 : xcopy : ش׆τݾݐ"
    "1 : mkdir : ԴݨĿ¼ܲؓĿ¼"
    "1 : md : ԴݨĿ¼ܲؓĿ¼"
    "1 : move : ӆ֯τݾ"
    "1 : ren : ўلτݾĻ"
    "1 : rename : ўلτݾĻ"
) do (
        set /a NO._Doing+=26
        set /a NO._Doing_Check1=!NO._Doing:~0,2!
        set /a NO._Doing_Check2=!NO._Doing:~-2!
        if !NO._Doing_Check1!==!NO._Doing_Check2! (
            set /a NO._Doing_Number=!NO._Doing:~0,1!
            set /a NO._Doing_Point=!NO._Doing:~-1!
        ) else (
            set /a NO._Doing_Number=!NO._Doing:~0,2!
            set /a NO._Doing_Point=!NO._Doing:~-1!
        )
        cls
        echo;
        echo;
        echo  ֽ՚ޢ϶ìȫʔ۳
        echo;
        echo;
        echo                       !NO._Doing_Number!.!NO._Doing_Point! %%%
    for /f "tokens=1,2,* delims=:" %%i in ("%%m") do (
        set Risk_level_temp=%%i
        set Risk_level_temp=!Risk_level_temp:~1,-1!
        set Code_temp=%%j
        set Code=!Code_temp:~1,-1!
        set Exegesis_temp=%%k
        set Exegesis=!Exegesis_temp:~1,-1!
        
        for /f "usebackq tokens=1* delims=:" %%u in (`findstr /n /i /b "!code! @!code!" "%temp%\decrypt.txt"`) do (
            echo ֚%%uѐ   !Exegesis!   %%v >>%temp%\Ъϸؖ϶_2.txt
            set /a NO.+=1
            if !Risk_level_! leq !Risk_level_temp! set /a Risk_level_=!Risk_level_temp!
        )
        
        for /f "usebackq tokens=1* delims=:" %%u in (`findstr /n /i /C:"!code! " "%temp%\key_code_special.txt"`) do (
            echo ֚%%uѐ   !Exegesis!   %%v >>%temp%\Ъϸؖ϶_2.txt
            set /a NO.+=1
            if !Risk_level_! leq !Risk_level_temp! set /a Risk_level_=!Risk_level_temp!
        )

        for /f "usebackq tokens=1* delims=:" %%u in (`findstr /n /i /C:"!code! " "%temp%\key_code_output.txt"`) do (
            echo ֚%%uѐ   !Exegesis!   %%v >>%temp%\Ъϸؖ϶_2.txt
            set /a NO.+=1
            if !Risk_level_! leq !Risk_level_temp! set /a Risk_level_=!Risk_level_temp!
        )
        
    )
)
if !Risk_level_!==5 set Risk_level=ˉˉˉˉˉ & set Risk_=ܫ׈ΣЕ
if !Risk_level_!==4 set Risk_level=ˉˉˉˉ® & set Risk_=א׈ΣЕ
if !Risk_level_!==3 set Risk_level=ˉˉˉ®® & set Risk_=ȡ׈ΣЕ
if !Risk_level_!==2 set Risk_level=ˉˉ®®® & set Risk_=ѨҪژע
if !Risk_level_!==1 set Risk_level=ˉ®®®® & set Risk_=ѨҪעӢ
if !Risk_level_!==0 set Risk_level=®®®®® & set Risk_=ûԐΣЕ
set /a Suspicious_level=!NO.!*100/!Key_NO.!
del  "%temp%\result.txt"  "%temp%\decrypt.txt" "%temp%\key_code.txt" "%temp%\key_code_special.txt" "%temp%\key_code_output.txt" >nul
echo ============================================== >>%temp%\Ъϸؖ϶_1.txt
echo    ΣЕֈܶú !Risk_level!   !Risk_! >>%temp%\Ъϸؖ϶_1.txt
echo    ࠉӉԌ׈ú !Suspicious_level!%%>>%temp%\Ъϸؖ϶_1.txt
echo ============================================== >>%temp%\Ъϸؖ϶_1.txt
copy /b %temp%\Ъϸؖ϶_1.txt+%temp%\Ъϸؖ϶_2.txt "%Target_File_Path%%Target_File_Name%_Ъϸؖ϶.txt"
del %temp%\Ъϸؖ϶_1.txt %temp%\Ъϸؖ϶_2.txt >nul
cls
echo;
echo                  ؖ ϶ ޡ ڻ
echo ==============================================
echo;
echo ࠉӉԌ׈Խٟղ˵ķĿҪΪױӢƺԦmքࠉŜԽճ
echo    ࠉӉԌ׈ú !Suspicious_level!%%
echo;
echo ΣЕֈܶԽٟղ˵ķࠉŜլԉքΣڦԌ׈Խճ
echo    ΣЕֈܶú !Risk_level!
echo;
ping /n 3 127.1>nul
start "" "%Target_File_Path%%Target_File_Name%_Ъϸؖ϶.txt"
pause>nul  
exit

gmj0xdq

:Analyze
cls
set /a NO.=Risk_level_=Key_NO.=0
echo ƺԦmࠉӉԌ&#14 ...
gmj0xdq 发表于 2022-8-26 22:37

rem ӔЂΪַԃةݾ

:Bat_Decrypt
rem كةݾΪƺԦmޢĜةݾì߼ÇսƺԦmݓĜһѣΪѣۤطƷìȫʷטעҼޢĜ۳քτݾìذטط֟Ҳˇذטؔܺc
rem ɫࠚӎ˽ %1 ΪѨҪޢĜքτݾ·޶ By Bluewing009
cls
del /f /s /q %temp%\decrypt.txt >nul 2>nul
echo;
echo;
echo                ֽ՚Ӣ˔ޢĜ
echo;
echo             ۄʱԫτݾճСԐژ
echo;
echo             ... ȫōфֈս ...
ping /n 2 127.1>nul
setlocal enabledelayedexpansion
rem ЂĦ}ѐࠕѐҘѨѣզìԃԚݫ&ͦۻΪۻѐ
set Change_Line=^


set /a NO._Now=0
for /f "usebackq tokens=1* delims=:" %%i in (`findstr/n .* "%~1"`) do set NO._all=%%i
for /f "usebackq delims=" %%a in ("%~1") do (
        set var_change=%%a
        set /a NO._Now+=1
        cls
        echo;
        echo;
        echo    ֽ՚ޢ϶    !NO._Now!/!NO._all!
        set var_change=!var_change:^|=#_1_#!
        set var_change=!var_change:^<=#_2_#!
        set var_change=!var_change:^>=#_3_#!
        set var_change=!var_change:^(=#_4_#!
        set var_change=!var_change:^)=#_5_#!
        set var_change=!var_change:^"=#_6_#!
        set var_change=!var_change:^^=^^^^!
        for %%l in ("!Change_Line!") do set var_change=!var_change:^&=%%~l!
        call :Bat_Decrypt_Key "!var_change!"
)
goto :eof

:Bat_Decrypt_Key
set str_get=%~1
if "!str_get:set =!" neq "!str_get!" (echo;|call %~1&set var_change_back=%~1) else (set var_change_back=%~1)
set var_change_back=!var_change_back:#_1_#=^|!
set var_change_back=!var_change_back:#_2_#=^<!
set var_change_back=!var_change_back:#_3_#=^>!
set var_change_back=!var_change_back:#_4_#=^(!
set var_change_back=!var_change_back:#_5_#=^)!
set var_change_back=!var_change_back:#_6_#=^"!
echo !var_change_back!>>%temp%\decrypt.txt
goto :eof



:Check_Updates
Setlocal enabledelayedexpansion
Mode con cols=50 lines=10
Title ՚Пټт
set version_New=δ֪
cls
echo.
echo.
echo.
echo                    ֽ՚ݬөټт
echo.
echo                    ...ȫʔ۳...
echo on error resume next >%temp%\Updates_.vbs.vbs
echo set arg=wscript.arguments >>%temp%\Updates_.vbs.vbs
echo if arg.count=0 then wscript.quit >>%temp%\Updates_.vbs.vbs
echo Set Message = CreateObject("CDO.Message") >>%temp%\Updates_.vbs.vbs
echo Message.CreateMHTMLBody arg(0),31 >>%temp%\Updates_.vbs.vbs
echo DownLoad= Message.HTMLBody >>%temp%\Updates_.vbs.vbs
echo Set Message = Nothing >>%temp%\Updates_.vbs.vbs
echo Set DownRecord=CreateObject("ADODB.Recordset") >>%temp%\Updates_.vbs.vbs
echo Length=Len(DownLoad)/2 >>%temp%\Updates_.vbs.vbs
echo DownRecord.Fields.Append "Content",205,Length>>%temp%\Updates_.vbs.vbs
echo DownRecord.OpenownRecord.AddNew >>%temp%\Updates_.vbs.vbs
echo DownRecord("Content")=DownLoad^&ChrB(0) >>%temp%\Updates_.vbs.vbs
echo DownRecord.Update >>%temp%\Updates_.vbs.vbs
echo DownLoad=DownRecord("Content").GetChunk(Length) >>%temp%\Updates_.vbs.vbs
echo Set DownContent=CreateObject("ADODB.Stream") >>%temp%\Updates_.vbs.vbs
echo With DownContent >>%temp%\Updates_.vbs.vbs
echo .Mode = 3 >>%temp%\Updates_.vbs.vbs
echo .Type = 1 >>%temp%\Updates_.vbs.vbs
echo .Open() >>%temp%\Updates_.vbs.vbs
echo .Write DownLoad >>%temp%\Updates_.vbs.vbs
echo .SaveToFile arg(1),2 >>%temp%\Updates_.vbs.vbs
echo End with>>%temp%\Updates_.vbs.vbs
cscript %temp%\Updates_.vbs.vbs http://www.bluewing009.co.cc/ƺԦmΣЕֈܶ_ѦѾҪ݇.htm %temp%/ƺԦmΣЕֈܶ_ѦѾҪ݇.txt >nul
ping /n 1 127.1>nul
for /f %%i in (%temp%\ƺԦmΣЕֈܶ_ѦѾҪ݇.txt) do set version_New=%%i
if "%version_New%"=="δ֪" goto Check_Updates_Error
for /f "tokens=1* delims=:" %%i in ('findstr /n .* %0') do if %%i==18 for /f "tokens=3" %%m in ('%%j') do set version_Now=%%m
if %version_Now%==%version_New% goto Main else  Check_Updates_Do

:Check_Updates_Do
cls
echo.
echo.
echo.
echo                    ֽ՚Ђ՘ټт
echo.
echo                    ...ȫʔ۳...
cscript %temp%\Updates_.vbs.vbs http://www.bluewing009.co.cc/ƺԦmΣЕֈܶ_պë.htm %temp%\ƺԦmΣЕֈܶ.bat >nul
ping /n 3 127.1>nul
echo @echo off>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo Mode con cols=50 lines=10>>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo Color 3F>>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo Title ՚Пټт>>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo echo.>>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo echo.>>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo echo.>>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo echo.>>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo echo                   ...טтǴ֯...>>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo ping /n 3 127.1^>nul>>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo copy /y "%temp%\ƺԦmΣЕֈܶ.bat" "%~dp0\%~n0.bat"^>nul >>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo start "" "%~dp0\%~n0.bat">>%temp%\ƺԦmΣЕֈܶ_ټт.bat
echo Exit>>%temp%\ƺԦmΣЕֈܶ_ټт.bat
start %temp%\ƺԦmΣЕֈܶ_ټт.bat
exit

:Check_Updates_Error
cls
echo.
echo.
echo                 ϞרlޓټтؾϱǷ
echo.
echo                     ȫЂ՘ټт
ping /n 3 127.1>nul
goto Main

gmj0xdq

rem ӔЂΪַԃةݾ

:Bat_Decrypt
rem كةݾ& ...
gmj0xdq 发表于 2022-8-26 22:38

有的字符识别成表情了（啊这）