exe2hexbat
A Python script to convert a Windows PE executable file to a batch file and vice versa. It supports output methods like DEBUG.exe for x86 and PowerShell for x86/x64.
Description
exe2hexbat is designed to transform Windows PE executable files into batch files or PowerShell scripts, facilitating the obfuscation and deployment of executables in Windows environments. This tool is particularly useful for penetration testers and red teamers who need to deliver payloads without triggering antivirus detection through direct EXE execution.
The primary use case involves converting an EXE into a self-contained batch or PowerShell script that can reconstruct and run the original binary. It supports reading from files or STDIN, with options for URL encoding and custom prefixes/suffixes to integrate into larger scripts or bypass basic filters.
Installed via Kali's package manager, it depends on Python 3 and provides exe2hex as the main binary. While the page shows core options, additional flags are available in the man page.
How It Works
The tool reads a Windows PE EXE file (or from STDIN), converts its binary content into a hexadecimal representation, and embeds it into a batch file using the DEBUG.exe method (x86) or a PowerShell script (x86/x64). The output script includes commands to decode the hex data and execute it in memory, avoiding disk writes. Options like URL encoding modify the hex output for web transport, while prefix/suffix flags allow line-by-line customization for evasion.
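A defender's view of the output described above, as an added example (not part of exe2hex or of the original page): a heuristic scanner that flags scripts carrying long hex runs next to a DEBUG.exe or PowerShell reference, undoing URL encoding first. The function name `inspect_script`, the thresholds and the sample scripts are assumptions constructed for illustration; the samples are not real tool output.

```python
import re
from urllib.parse import unquote

# 16+ hex byte pairs, contiguous or separated by a space or comma (assumed threshold).
HEX_RUN = re.compile(r"(?:[0-9A-Fa-f]{2}[ ,]?){16,}")
# Decoders the page names: DEBUG.exe and PowerShell.
DECODER = re.compile(r"\b(debug(?:\.exe)?|powershell)\b", re.IGNORECASE)

def inspect_script(text, min_hex_lines=3):
    """Heuristically flag a script that carries a hex-encoded PE file."""
    text = unquote(text)  # undo URL encoding before matching
    runs = []
    hex_lines = 0
    for line in text.splitlines():
        # Prefixes/suffixes around the data do not matter: search anywhere in the line.
        found = [re.sub(r"[ ,]", "", m.group(0)).lower()
                 for m in HEX_RUN.finditer(line)]
        if found:
            hex_lines += 1
            runs.extend(found)
    decoders = sorted({m.group(1).lower() for m in DECODER.finditer(text)})
    # PE files start with the bytes 4D 5A ("MZ"); look near the first run's start.
    mz_header = bool(runs) and "4d5a" in runs[0][:16]
    return {
        "hex_lines": hex_lines,
        "decoders": decoders,
        "mz_header": mz_header,
        "suspicious": hex_lines >= min_hex_lines and bool(decoders),
    }

# Constructed samples (not real tool output): filler hex bytes wrapped in echo lines.
_ROW = " ".join(["00"] * 16)
SAMPLE_HEX_BAT = "\n".join([
    "@echo off",
    "echo 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 >> a.hex",
    f"echo {_ROW} >> a.hex",
    f"echo {_ROW} >> a.hex",
    "debug.exe < a.hex",
])
SAMPLE_URLENC = SAMPLE_HEX_BAT.replace(" ", "%20")  # same script, URL-encoded
SAMPLE_BENIGN = "@echo off\nset BUILD=deadbeef\necho Build %BUILD% done\n"

if __name__ == "__main__":
    for name in ("SAMPLE_HEX_BAT", "SAMPLE_URLENC", "SAMPLE_BENIGN"):
        print(name, inspect_script(globals()[name]))
```

The MZ check is a supporting signal only; the verdict rests on the hex-line count plus a decoder reference, so tune `min_hex_lines` against your own script inventory before alerting on it.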
Installation
sudo apt install exe2hexbat
Flags
Examples
exe2hex -h
exe2hex -x payload.exe
exe2hex -s
exe2hex -x payload.exe -b output.bat
exe2hex -x payload.exe -p output.ps1
exe2hex -x payload.exe -e -b encoded.bat
exe2hex -x payload.exe -r "echo." -f "&rem" -b custom.bat