Skip main navigation

New offer! Get 30% off one whole year of Unlimited learning. Subscribe for just £249.99 £174.99. New subscribers only. T&Cs apply

Find out more

Start-up scripts & related

Article detailing the mechanisms of malware persistence by the use of scripts.
© PA Knowledge Ltd | 7Safe Training
Start-up scripts & related

Scripts simply contain instructions to do something. There are different types of scripts for example Batch scripts, Python scripts and PowerShell scripts. Each script may need a particular program or operating system to run it. Scripts do not normally contain any malicious code as this would be picked up by antivirus solutions. It may however contain instructions that are malicious! Scripts can be placed in any location on a computer and be set to run when a computer is either booted or when a particular user logs in. They can also be run by a scheduled task or run by a program etc. Scripts can be in a human readable format or they can be encoded.

Let’s look at a simple batch script below:

Snippet of batch script depicting legitimate commands with a nefarious command to execute malware.

There are essentially four parts to the batch script:

Line 1: Don’t write anything to stdout (the screen).

Line 2: Comments (all comments are ignored).

Line 3: Use the net use program to map a persistent share using a particular user account.

Line 4: Execute batch file in system32 folder.

© PA Knowledge Ltd | 7Safe Training
This article is from the free online

Introduction to Digital Forensics: Malware Analysis and Investigations

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now