Use AppLocker or Software Restriction Policies to prevent standard users from running .bat or .vbs files from the AppData or Temp folders.
Having explored the legitimate possibilities, it's crucial to examine the darker side. The very functionality that makes batch files useful also makes them a common tool for malicious actors, largely because they are so easy to write. The innocuous name get-keys.bat could be a disguise for several types of malicious software.
The convenience of a script from GitHub or a tech forum comes with inherent risk. Malicious actors could embed code to install malware or steal data. The repository fkie-cad/windowsScripts explicitly warns users: "" This is the golden rule for any script you run.
Extracting plaintext passwords from memory.
Automating the generation, rotation, or distribution of Secure Shell (SSH) keys across multiple network endpoints.
A typical script of this nature might use the REG QUERY command to find specific data:
If part of a malware chain, the script may target sensitive directories to copy "key" files for remote upload:
get-keys.bat is a simple batch file that runs commands in Windows Command Prompt to extract license keys (product IDs, activation keys) from the local system. It’s often used for:
Malicious variants can download and install keyloggers. These programs record every keystroke you type, exposing banking details, personal messages, and login credentials to hackers.

How to Safely Inspect get-keys.bat
Be highly suspicious if you see any of the following commands: