Something I find quite interesting is PHP malware. It usually comes in the form of web shells, which I write a bit about here: Improving web shells with asymmetric encryption. This malware often uses obfuscation to make it harder to understand what the code is actually doing. However, with enough time and determination it is possible to break it down, understand its actions and, in some cases, find its vulnerabilities.
In particular I'm looking for:
This is just a hobby project, so please let me know if you have any good ideas on what to look for!
The table below provides an overview of the malware analyzed so far.
The original code is provided as a zip archive with the password 123 to avoid any kind of unintentional execution.
FS in the VirusTotal column means I made the First Submission.
Vulnerable means that anyone who finds the shell can use its functionality without needing access to the source code, i.e. the shell is not restricted to its operator.
| Name (my) | File name(s) | VirusTotal | Vulnerable | MD5 |
|-----------|--------------|------------|------------|-----|
Uses a combination of base64, gzip and rot13 to obfuscate code that allows remote code execution.
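As an added example (not code from this page or from any of the analysed samples), the following Python script peels the kind of layered wrapper described above, where base64, gzip-style compression and rot13 are stacked around eval(). The obfuscated input is constructed inside the script in that same style; which exact PHP functions the real sample uses is not stated here, so the decoder table (gzinflate, gzuncompress, gzdecode, base64_decode, str_rot13) and the constructed shell body are assumptions.

```python
"""Peel layered PHP obfuscation: base64 / DEFLATE / rot13 wrappers around eval().

Added example, not code from the page or from any analysed malware. The
obfuscated sample is constructed by build_sample(); it is not a real shell.
"""
import base64
import codecs
import re
import zlib

# PHP decoder name -> equivalent operation on bytes (assumed set of wrappers).
DECODERS = {
    "base64_decode": lambda b: base64.b64decode(b, validate=False),
    "gzinflate":     lambda b: zlib.decompress(b, -15),       # raw DEFLATE (gzdeflate/gzinflate)
    "gzuncompress":  lambda b: zlib.decompress(b),            # zlib-framed (gzcompress/gzuncompress)
    "gzdecode":      lambda b: zlib.decompress(b, 16 + 15),   # gzip-framed (gzencode/gzdecode)
    # str_rot13 only shifts ASCII letters, so it is safe on binary data via latin-1.
    "str_rot13":     lambda b: codecs.encode(b.decode("latin-1"), "rot_13").encode("latin-1"),
}

# Functions whose presence in the final stage means attacker input reaches execution.
SINKS = ("eval", "assert", "system", "exec", "shell_exec", "passthru", "popen", "proc_open")

# Matches a chain like  eval(str_rot13(gzinflate(base64_decode('payload'))))
# group 1: the nested call names, group 3: the quoted payload.
CHAIN_RE = re.compile(r"((?:@?\w+\s*\(\s*)+)(['\"])([^'\"]*)\2")


def peel_once(stage: str):
    """Decode one wrapper chain. Returns (next_stage, names) or (None, None) if none is found."""
    m = CHAIN_RE.search(stage)
    if not m:
        return None, None
    names = re.findall(r"\w+", m.group(1))      # outermost call first
    data = m.group(3).encode("latin-1")
    for name in reversed(names):                # decode innermost first
        if name == "eval":
            break                               # reached the code that would be executed
        decoder = DECODERS.get(name)
        if decoder is None:
            raise ValueError(f"no decoder for {name}()")
        data = decoder(data)
    return data.decode("latin-1"), names


def deobfuscate(php: str, max_layers: int = 20) -> dict:
    """Peel wrappers until plain code remains; report layer count, final code and sinks found."""
    stages = [php]
    note = ""
    for _ in range(max_layers):
        try:
            nxt, _names = peel_once(stages[-1])
        except ValueError as exc:
            note = str(exc)                     # unknown wrapper: stop and keep what we have
            break
        if nxt is None:
            break
        stages.append(nxt)
    final = stages[-1]
    sinks = sorted(s for s in SINKS if re.search(rf"\b{s}\s*\(", final))
    return {"layers": len(stages) - 1, "code": final, "sinks": sinks, "note": note}


def build_sample(code: str, layers: int = 2) -> str:
    """Construct a sample in the style described: rot13, raw DEFLATE, base64, wrapped in eval()."""
    for _ in range(layers):
        rotted = codecs.encode(code, "rot_13").encode("latin-1")
        comp = zlib.compressobj(wbits=-15)      # raw DEFLATE, as PHP gzdeflate() emits
        deflated = comp.compress(rotted) + comp.flush()
        b64 = base64.b64encode(deflated).decode("ascii")
        code = f"eval(str_rot13(gzinflate(base64_decode('{b64}'))));"
    return "<?php " + code


# Constructed shell body (hypothetical, minimal): runs whatever the 'c' parameter holds.
SHELL = "if (isset($_REQUEST['c'])) { system($_REQUEST['c']); }"

if __name__ == "__main__":
    sample = build_sample(SHELL, layers=2)
    result = deobfuscate(sample)
    print(f"peeled {result['layers']} layer(s); sinks: {result['sinks']}")
    print(result["code"])
```

The loop stops at eval() inside each chain because everything outside that call is the next stage of code, not data; a decoder that blindly applied every function name in the chain would try to "decode" eval itself. Unknown wrapper names abort the run with a note rather than guessing, which is the point at which an analyst adds an entry to DECODERS.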