igor0
11
- could be part of some “policy-setting” script, used by the admin
- someone might like to change his wallpaper every day?
I am saying that there is no “database of commands” - it’s not possible to detect just the single lines, it would produce too many false positives.
The whole script files are detected - but detecting your specific file, if it’s only you who has it and you don’t use it for any malicious purposes, is pointless - it’s a “ZOO sample”.
I’m sure there are many real scripts, using very similar or same lines as the ones you used, that are detected.
Certainly could be used that way - if somebody included it as a payload into an exploit/downloader package.