Code:
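@echo off
REM Wrapper around the decoder binaries shipped in the bin\ folder next to this script.
REM
REM Usage: <this script> [file]
REM   file given and it exists : run bin\rm\php.exe on that file and move the
REM                              resulting bin\rm\main*.log to "<file>.rm.txt".
REM   otherwise                : copy _decode\ to _decoded_rm\, run bin\nws\opdump.exe,
REM                              then run bin\rm\php.exe on every *.php, *.php5 and
REM                              *.php4 file under _decoded_rm\ and overwrite each
REM                              file with the produced main*.log.
REM
REM All paths are resolved against the script's own folder (pushd "%~dp0"), so a
REM relative file argument is looked up there, not in the caller's directory.
pushd "%~dp0"
REM %~1 strips any quotes the caller supplied; "%1" would double-quote a path that
REM contains spaces and make IF EXIST fail on it.
IF EXIST "%~1" GOTO DECODE_INDIVIDUAL
:DECODE_MULTIPLE
xcopy /s /c /d /e /h /i /r /y "%cd%\_decode" "%cd%\_decoded_rm\"
REM NOTE(review): opdump.exe is the file that the scan report accompanying this script
REM flags (5 of 35 engines, password-stealer / dropper / backdoor names). It is
REM executed here on every batch run, before any decoding happens, and what it
REM contributes to the batch flow is not visible from this script. Verify the binary
REM against a known-good copy, or run the whole folder only in an isolated analysis VM.
"%cd%\bin\nws\opdump.exe" "%~1"
REM Start from an empty list: the dir commands append, so a list left behind by an
REM aborted run would otherwise be processed again.
if exist "%cd%\filelist_rm.txt" del /Q "%cd%\filelist_rm.txt"
dir "%cd%\_decoded_rm\*.php" /A:-D /B /O:N /S >> "%cd%\filelist_rm.txt"
dir "%cd%\_decoded_rm\*.php5" /A:-D /B /O:N /S >> "%cd%\filelist_rm.txt"
dir "%cd%\_decoded_rm\*.php4" /A:-D /B /O:N /S >> "%cd%\filelist_rm.txt"
REM "usebackq delims=" reads each list line as one whole path, so folders and file
REM names containing spaces are not cut at the first space.
@echo on
for /F "usebackq delims=" %%e in ("%cd%\filelist_rm.txt") do ( copy "%%e" "%cd%\bin\rm\file.php" && "%cd%\bin\rm\php.exe" "%cd%\bin\rm\file.php" && move "%cd%\bin\rm\main*.log" "%%e" && del "%cd%\bin\rm\file.php")
del /Q "%cd%\filelist_rm.txt"
GOTO DECODE_END
:DECODE_INDIVIDUAL
@echo on
"%cd%\bin\rm\php.exe" "%~1" && move "%cd%\bin\rm\main*.log" "%~1.rm.txt"
:DECODE_END
@popd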
[Report]
AVG Free -
Clean
ArcaVir -
Clean
Avast 5 -
Clean
Avast -
Clean
AntiVir (Avira) -
Clean
BitDefender -
Clean
VirusBuster Internet Security -
Clean
Clam Antivirus -
Clean
COMODO Internet Security -
Clean
Dr.Web -
Trojan.PWS.Siggen.25968
eTrust-Vet -
Clean
F-PROT Antivirus -
Clean
F-Secure Internet Security -
Clean
G Data -
Clean
IKARUS Security -
Trojan-Dropper.Small
Kaspersky Antivirus -
Clean
McAfee -
Clean
MS Security Essentials -
Clean
ESET NOD32 -
Trojan.Win32/PSW.Fignotok.K
Norman -
Clean
Norton Antivirus -
Clean
Panda Security -
Clean
A-Squared -
Trojan-Dropper.Small!IK
Quick Heal Antivirus -
Clean
Rising Antivirus -
Clean
Solo Antivirus -
Clean
Sophos -
Clean
Trend Micro Internet Security -
Clean
VBA32 Antivirus -
Clean
Vexira Antivirus -
Clean
Webroot Internet Security -
Clean
Zoner AntiVirus -
INFECTED [BackDoor.Generic12.DHJ]
Ad-Aware -
Clean
AhnLab V3 Internet Security -
Clean
BullGuard -
Clean
[Info]
File:
opdump.exe
Size: 2126027 bytes
MD5: da7b998384e4bda50ad6af1142b40fb5
Rate: 5 of 35 (14%)
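mozsqlite3.dll and mozcrt19.dll = stealer. These are Mozilla libraries (SQLite and the C runtime) that a PHP decoder has no evident need for, which is consistent with the PWS/PSW (password-stealer) detections above.
This release is the same as DeZender.DeIoncuber.06.09.2011, but infected.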