Bravo List - DeZender DeIoncuber 29.11.2011

Bravo List (http://www.bvlist.com/index.php)

- Downloads (http://www.bvlist.com/forumdisplay.php?f=16)

- - DeZender DeIoncuber 29.11.2011 (http://www.bvlist.com/showthread.php?t=7276)

I've tried with decoder but returned many _obfuscate_

did you install all dependencies ?

Quote:

Originally Posted by it53lv (Post 31488)

did you install all dependencies ?

Find out what needs to decode

_obfuscate_xyiNieq6 = _obfuscate_YxcKFW9wHTcLamJ1( $_obfuscate_xyiNieq6

I've tried decoding this file that uses the latest ioncube loader:

It says it needs the latest ioncube loader.

Quote:

Originally Posted by hdaen (Post 31497)

I've tried decoding this file that uses the latest ioncube loader:

It says it needs the latest ioncube loader.

software decoder Zend Guard 4

tank

Quote:

Originally Posted by sabair (Post 31502)

software decoder Zend Guard 4

tank

Is there anyway possible to decode zendguard 4 files?

Code:

@echo off

pushd "%~dp0"

IF EXIST "%1" GOTO DECODE_INDIVIDUAL

:DECODE_MULTIPLE

xcopy /s /c /d /e /h /i /r /y "%cd%\_decode" "%cd%\_decoded_rm\"

"%cd%\bin\nws\opdump.exe" "%1" 

dir %cd%\_decoded_rm\*.php  /A:-D /B /O:N /S >> %cd%\filelist_rm.txt

dir %cd%\_decoded_rm\*.php5 /A:-D /B /O:N /S >> %cd%\filelist_rm.txt

dir %cd%\_decoded_rm\*.php4 /A:-D /B /O:N /S >> %cd%\filelist_rm.txt

@echo on

for /F %%e in (%cd%\filelist_rm.txt) do ( copy "%%e" "%cd%\bin\rm\file.php" && "%cd%\bin\rm\php.exe" "%cd%\bin\rm\file.php" && move "%cd%\bin\rm\main*.log" "%%e" && del "%cd%\bin\rm\file.php")

del /Q "%cd%\filelist_rm.txt"

GOTO DECODE_END

:DECODE_INDIVIDUAL

@echo on

"%cd%\bin\rm\php.exe" "%1" && move "%cd%\bin\rm\main*.log"  "%1.rm.txt"

:DECODE_END

[Report]
AVG Free - Clean
ArcaVir - Clean
Avast 5 - Clean
Avast - Clean
AntiVir (Avira) - Clean
BitDefender - Clean
VirusBuster Internet Security - Clean
Clam Antivirus - Clean
COMODO Internet Security - Clean
Dr.Web - Trojan.PWS.Siggen.25968\r
eTrust-Vet - Clean
F-PROT Antivirus - Clean
F-Secure Internet Security - Clean
G Data - Clean
IKARUS Security - Trojan-Dropper.Small
Kaspersky Antivirus - Clean
McAfee - Clean
MS Security Essentials - Clean
ESET NOD32 - Trojan.Win32/PSW.Fignotok.K
Norman - Clean
Norton Antivirus - Clean
Panda Security - Clean
A-Squared - Trojan-Dropper.Small!IK
Quick Heal Antivirus - Clean
Rising Antivirus - Clean
Solo Antivirus - Clean
Sophos - Clean
Trend Micro Internet Security - Clean
VBA32 Antivirus - Clean
Vexira Antivirus - Clean
Webroot Internet Security - Clean
Zoner AntiVirus - INFECTED [BackDoor.Generic12.DHJ]
Ad-Aware - Clean
AhnLab V3 Internet Security - Clean
BullGuard - Clean

[Info]
File: opdump.exe
Size: 2126027 bytes
MD5: da7b998384e4bda50ad6af1142b40fb5
Rate: 5 de 35 (14%)

mozsqlite3.dll and mozcrt19.dll = stealer :smack:
this release equal to DeZender.DeIoncuber.06.09.2011 but infected

Quote:

Originally Posted by hdaen (Post 31504)

Is there anyway possible to decode zendguard 4 files?

Two sample files are
Look
if decoder If you put it

software

Bump:

Quote:

Originally Posted by sabair (Post 31523)

Two sample files are
Look
if decoder If you put it

software

file
http://www.uploadmb.com/dw.php?id=1323620959

Bump:

Quote:

Originally Posted by sabair (Post 31523)

Two sample files are
Look
if decoder If you put it

software

Bump:

file
http://www.uploadmb.com/dw.php?id=1323620959

http://niryazd.com/up/download/37/dataload.php.html
http://niryazd.com/up/download/38/when.php.html

Sorry, i didn't saw the second download link :-(

Bump: i made some tests and i have errors in every decoded files :

PHP Code:


		
			
 syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in CODE

is there a solution ?
here is two files for tests.

thanks u help me with this articles, its working! :drink: