[TOOL] [Windows] S.U.R v1.3 - Simple Unpack & Repack Tool Deodexer [by JamFlux]

Status
Not open for further replies.

najabi

possible virus detected

Because the batch file is converted to .exe, that's why. Don't worry. It's safe.

So then, why is SUR.exe needed if Sur.bat works OK without it?
Bro, VirusTotal detects 8/69 threats in the SUR.exe file:
https://www.virustotal.com/gui/file/68f8708f5f156caef86535cb132e82527eb08ead3facaf3f09c10ab28618670c/behavior/VirusTotal%20Jujubox
Behaviour of this file does these filesystem actions:
Code:
Processes Tree
2584 - factura.exe
148 - C:\Windows\system32\cmd /c C:\Users\<USER>\AppData\Local\Temp\D751.tmp\D752.bat C:\Users\<USER>\Downloads\factura.exe
2812 - mode con: cols=72 lines=13

WTH is factura.exe?
Similarly, SUR_v1.1u.7z is 13/51 detected by VirusTotal.
 
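The process tree quoted in the post above shows the .exe launching `cmd /c` on a batch file it has written under `Temp`, with its own path as the argument. As an added example (not part of the thread or of the SUR project), the sketch below pulls that dropped-script path out of such a report so the script itself can be retrieved and read; the function names are hypothetical and the flat `PID - command line` layout is assumed from the paste.

```python
import re
from typing import NamedTuple

# Process-tree lines as pasted in the post above (sandbox report excerpt).
REPORT = r"""
2584 - factura.exe
148 - C:\Windows\system32\cmd /c C:\Users\<USER>\AppData\Local\Temp\D751.tmp\D752.bat C:\Users\<USER>\Downloads\factura.exe
2812 - mode con: cols=72 lines=13
"""

LINE = re.compile(r"^\s*(\d+)\s+-\s+(.+?)\s*$")
# cmd /c <script.bat|.cmd> [arguments]; script paths containing spaces are not handled.
CMD_SCRIPT = re.compile(r'(?i)\bcmd(?:\.exe)?\s+/c\s+"?(\S+?\.(?:bat|cmd))"?(?:\s+(.*))?$')
TEMP_DIR = re.compile(r"(?i)\\(?:appdata\\local\\temp|windows\\temp)\\")


class Finding(NamedTuple):
    pid: int
    script: str              # batch file handed to cmd /c
    from_temp: bool          # script lives under a Temp directory
    passes_root_image: bool  # the sample's own file name is passed as an argument


def parse_tree(text):
    """Return [(pid, command_line)] for every 'PID - command' line."""
    return [(int(m.group(1)), m.group(2)) for m in map(LINE.match, text.splitlines()) if m]


def find_dropped_scripts(text):
    """List batch scripts run via cmd /c by processes below the first (root) entry."""
    procs = parse_tree(text)
    if not procs:
        return []
    # Assumption: the first entry is the sample under analysis.
    root_image = procs[0][1].split("\\")[-1].lower()
    findings = []
    for pid, cmdline in procs[1:]:
        m = CMD_SCRIPT.search(cmdline)
        if not m:
            continue
        script, args = m.group(1), (m.group(2) or "")
        findings.append(
            Finding(pid, script, bool(TEMP_DIR.search(script)), root_image in args.lower())
        )
    return findings


if __name__ == "__main__":
    for f in find_dropped_scripts(REPORT):
        print(f)
```

A finding with both flags set only says the executable unpacks and runs a script; what that script does still has to be read from the dropped file.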

JamFlux

Hi @najabi

I used a tool to compile .bat to .exe, maybe it's a false positive. I use that program because it can add administrative privileges. But now I put administrative privileges inside the .bat. Just use the .bat from here: https://github.com/jamflux/SUR/raw/master/SUR.bat
 

najabi

Hi JamFlux,
I tried to unpack a vendor .zip with the utility using the .bat but I got an error anyway.
I think it's best to use scripting commands rather than .exe binaries when possible, they are easier to spot and analyse. You can use an administrative command prompt as well. Which tool do you use to make executables from .bat files? Is it from reputable sources?
 

JamFlux

Hi
I'm using this tool:
https://bat-to-exe-converter.uptodown.com/windows

But now I'm using command prompt inside the .bat
Hope you can unpack vendor.img
Best regards
 

najabi

In my opinion, I don't think it's a reputable tool, the developer's webpage doesn't work, and uptodown is not exactly a trusted source.
We must be extra careful these days as they put viruses everywhere in executables.
That SUR.exe file is detected as infected by several engines, I think you should consider removing it from the tool.
 

JamFlux

I totally remove the executable in the new version. Thanks.
 