# This Special Char Can Really SCREW You: RLO (right-to-left override)

Windows users, did you know that an ```.exe``` or ```.bat``` file can look like a ```.jpg``` or ```.png``` file with the ```RLO``` (right-to-left override) character?

Here are two examples:
A batch file like ```comment_space-vs-gnp.bat``` could look like an innocent PNG image like -> ```comment_space-vs-tab.png```

And an EXE like ```luxury_picture_delugpj.exe``` could seem ingenuous as an JPG picture -> ```luxury_picture_deluexe.jpg```

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1645268994323/mhM2qcnHN.png)

With an embedded icon the EXE would also look like a picture thumbnail.

How is this possible?

When **renaming** a file like ```luxury_picture_delugpj.exe``` in Windows -> place the cursor where you want the rest of the file name to appear spelled backwards (like ```luxury_picture_delu[CURSOR-HERE]gpj.exe```) -> press the right mouse button -> select **Insert Unicode control character** (sounds dodgy already, right?) -> and hit **RLO** -> press ENTER / save the file name -> and it's DONE

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1645269504139/PRjlr3T6q.png)

The file name should now appear as in the 1st picture above: ```luxury_picture_deluexe.jpg```. However, it **is** in fact still the very same **EXE**.

So, how to avoid getting screwed by an innocent looking ransomware, you may ask?

Simply and as ever before: **NEVER TRUST FILE EXTENSIONS!**

Plus: *Some* antivirus solutions might flag such RLO files as suspicious - so you might check out if yours does so.
